First-class  delivery  The  U.S.  Postal  Service  has  rolled 

out  single  sign-on  capabilities  for  nearly  150,000  users.  PAGE  25. 


Rat  out  a  rat?  A  report  to  Congress  sees  potential  in 
an  anti-spam  bounty  system.  ’Net  Buzz  provides  the  details.  PAGE  74. 
Cracking the wireless security


BY JOEL SNYDER AND RODNEY THAYER, NETWORK WORLD LAB ALLIANCE

Is it possible to deploy a secure wireless LAN with technology available today? That question preys on the minds of IT executives who are tempted to deploy enterprise WLANs, but are hesitant because of security concerns.

So  we  assembled  23  wireless  products 
from  17  vendors  and  ran  them  through  a 
battery  of  tests  aimed  at  getting  the  answer. 

We  found  that  Wired  Equivalent  Privacy  (WEP)  is  very  weak,  and 
we  don’t  recommend  using  it  other  than  in  very  specialized  cases. 

WEP’s successor, Wi-Fi Protected Access (WPA), has flaws but provides solid security when combined with 802.1X authentication and deployed carefully. Ultimately, 802.11i, the standard that replaces WEP and WPA, will provide all the tools needed to protect WLANs.

To their credit, vendors are aggressively shipping products at all prices that support enterprise-class security features. Two-thirds of the products tested support 802.1X, and vendors are moving rapidly to comply with 802.11i standards. See Wireless report, page 47

JOHN  HERSEY 


Microsoft  leaves  colleges  vulnerable 


know  more, 
but  so  do 
their  kids 

Keeping online children in line is a common goal but strategies differ.

■  BY  ANN  BEDNARZ  AND 
DENISE  DUBIE 

Writing group policies, assigning user privileges and setting restrictive security zones for Internet access keep system management analyst Jason Kennedy plenty busy. ... And then he goes to work.

As the father of two “frighteningly computer-savvy” children and a member of the IT team at Best Buy Canada in Vancouver, B.C., he has plenty of opportunity at home to use Internet-access monitoring knowledge and skills.

“To  keep  them  safe,  I’ve 
See  Home,  page  16 


■  BY  JOHN  FONTANA 

Microsoft’s licensing policies and legal restrictions that forbid schools from distributing software patches to many students are leaving IT executives at universities with potentially thousands of unmanaged desktops that pose a serious security risk.

The issue is that higher-education institutions, and other organizations outside Microsoft and its resellers, don’t have the legal right to distribute Windows software to computers they do not own. For most schools, that is a majority of their student desktops (see graphic, page 14).

The result is that universities can’t distribute patches for many Windows-based machines; instead they must rely on students to patch their own systems.

As a result, schools end up with lopsided networks with secure network infrastructure servicing clients not adequately patched and protected.

“We  have  one  set  of  licensing 
agreements  in  place  to  handle 
site  licensing  for  faculty  staff  and 
employees,  and  then  we  have  the 
infamous  black  hole  for  student- 
owned  computers  because  they 
are  not  owned,  managed  or  have 
See  Education,  page  14 


Cisco deals kick VoIP market into high gear

■ BY PHIL HOCHMUTH

Cisco has been on a roll in VoIP lately — announcing three huge wins with Fortune 50 companies in three months.

Users and analysts cite a convergence of several factors, including the improved ability of Cisco VoIP gear to work with legacy PBXs, refinements in telephony features, and the recent adoption of large-bandwidth and QoS-based WAN services in big businesses. Observers also notice a change in approach by the company and its integration partners on how VoIP is pitched to and installed in large IT shops.

The list of companies signing up for vast VoIP implementations is impressive. In July Boeing said it would put in 150,000 Cisco IP phones, and last month Ford announced a 50,000-phone network. Last week, Bank of America topped them all, announcing a 180,000-phone deal with Cisco.

Bank of America said it will start to replace 362 PBXs in more than 5,000 branches next year with Cisco CallManagers — Windows-based servers running Cisco IP PBX software. Electronic Data Systems is providing network integration and support services as well. Bank of America would not comment on the project’s details.

“Cisco’s [IP telephony] products have matured quite a bit in

See  Cisco,  page  12 
Taking on Google. With all the success Google has had of late, we wouldn't want the company to start resting on its laurels. That's why it's good to see new competition in the search market. Online search company Vivisimo has developed an engine dubbed Clusty that exploits clustering technology to satisfy user queries.


PeopleSoft  sacks  CEO  Conway 

■ PeopleSoft CEO Craig Conway last week was shown the door by the company’s board of directors, who immediately replaced him with Dave Duffield, PeopleSoft’s founder and chairman. Conway’s dismissal was because of a “loss of confidence” in his ability to lead, the company said in a statement. The board of directors also appointed Kevin Parker and Phil Wilmington as co-presidents and Aneel Bhusri as vice chairman of the board. Conway has been embroiled for the past 15 months in Oracle’s hostile bid for the company through an all-cash offer to PeopleSoft’s shareholders, now valued at $7.7 billion. In July Conway blamed PeopleSoft’s sagging profits on the struggle with Oracle.

BitDefender  takes  offense  at  false  ad 

■ Romanian anti-virus software firm BitDefender was angered last week by a sponsored link on Google based on searching for the word “BitDefender” that showed McAfee anti-virus advertising urging “Remove BitDefender Virus. Clean your PC if already infected.” Quickly responding to BitDefender’s charges of “false advertising and libel,” McAfee said it was all an innocent mistake born of human error and made sure the “BitDefender virus” ad was dropped. McAfee said the mistake occurred because an affiliate partner doing the advertising on Google had pulled the name “BitDefender” from McAfee’s Virus Information Library, mistaking the name “BitDefender” as the name of a virus rather than the name of the company that had discovered the virus.

Experts  report  IM-based  worm 

■ Security experts have spotted the first attempts to create an Internet worm that propagates using instant messages and exploits a recently disclosed flaw in Microsoft software. Researchers at The SANS Institute’s Internet Storm Center have had two reports of users receiving messages on AOL Instant Messenger service that lured them to Web sites containing malicious code. When visiting the Web sites, the malicious code would attempt to install “back-door” software on the user’s PC that gives remote attackers total control over the machine. Additionally, messages containing a link to the site would be sent out to all contacts on the victim’s instant messenger contacts list. The malicious code is embedded in a JPEG image and exploits a security flaw in the way many Microsoft applications process such images. Microsoft identified and patched the flaw on Sept. 14, but users have complained that patching is onerous because several applications, including Office and Windows, require separate patches.


Picking On Harvard. Dr. John Halamka, CIO of CareGroup Healthcare System and Harvard Medical School, says the school’s network gets attacked about every 7 seconds.

We feel your pain. Those of you for whom HIPAA has become a four-letter word might not be surprised to read this example of the extremes to which such privacy protection has gone: One Network World staffer reports having had to sign a HIPAA waiver ... for her cat.

StorageTek  snaps  up  Storability 

■ StorageTek announced last week that it has acquired Storability, one of the original storage service providers. Storability reorganized in 2002 to sell the storage resource management software it used to manage customer accounts. The company’s Global Storage Manager software will be added to StorageTek’s information life cycle management software. This is not the first time the two companies have done business. In 2002, StorageTek bought Storability’s Storage Operations Center and launched a remote managed service offering. Financial terms were not disclosed.

Red  Hat  acquires  Netscape  assets 

■  Red  Hat  has  gone  scavenging  among  Netscape’s  remains,  agreeing  last  week  to  pay 
AOL  up  to  $23  million  for  the  assets  of  Netscape  Communications’  Security  Solutions 
unit.  The  deal  brings  Red  Hat  the  Netscape  Directory  Server  and  Netscape  Certificate 
Management  System.  Red  Hat  said  it  would  add  the  software  to  its  open  source  product 
portfolio  within  the  next  six  to  12  months.  The  Netscape  Directory  Server  is 
a  Lightweight  Directory  Access  Protocol  server  used  for  centrally  managing  application 
settings  and  access  controls,  while  the  Certificate  Management  System  handles  user 
authentication.  Red  Hat  expects  its  Netscape  acquisition  to  be  completed  in  its  current 
quarter,  which  ends  Nov.  30. 


COMPENDIUM 

Sad  goodbye  to  dial-up 

Martin Geddes reports on a sad byproduct of his move from dial-up to DSL: “Dear daughter goes ‘la-la’ when she hears music, and often bobs up and down in a baby dance ... While we had dial-up Internet last week I had the sound enabled on my laptop, and she decided this was a big la-la, and grinned and danced every time. I guess we won’t be seeing any more of that. When she’s older I’m hoping to introduce her into more melodious harmonics of optical fibre.” Hear more sweet music at www.nwfusion.com, DocFinder: 4048.


IBM  still  addressing  pension  dispute 

■ IBM said last week it will take a $320 million charge this quarter to settle some claims and cap its liability on others in a long-running class-action dispute about changes made in the 1990s to its pension plan. A federal judge ruled against IBM in July 2003 on Cooper et al. vs. The IBM Personal Pension Plan and IBM Corp., a case charging that IBM’s move from a defined-benefit to a cash-balance pension plan discriminates against older workers because they have less time available before retirement than younger workers to accrue interest on the contributions. The controversial ruling, which contradicted a decision on a similar case by another district court, could have a ripple effect if upheld at the appellate level, as companies try to determine the legality of their retirement benefit plans.


3Com, Toshiba launch convergence gear


■  BY  PHIL  HOCHMUTH 

3Com will use the Internet Telephony Expo this week in Los Angeles to launch applications for hardening business VoIP networks and expanding user capabilities, while Toshiba will unveil gear to make employees more productive with converged applications.

From 3Com comes an upgrade to its VCX enterprise IP PBX platform, which adds remote-site failover and survivability features in case of network or IP PBX equipment failure, the vendor says. Also, 3Com says its new bundle of convergence applications based on the Session Initiation Protocol (SIP), including unified messaging, presence and multimedia conferencing, can help individual employees work more efficiently.

3Com is launching Version 5.0 of its SIP-based VCX call control software, which runs on its VCX 7000 IP PBX hardware platform. The new software now runs on the Linux operating system and Sun’s Solaris, which gives users the option of using an Intel-based server as an IP PBX, in addition to Sun’s proprietary server platform.

Toshiba's new Strata CIX IP PBX supports this SIP-based softphone client, which can run on a laptop or PDA.

VCX 5.0 also includes a feature called Voice Boundary Routing, which lets IP phones distributed across a WAN switch over to a back-up VCX in case of a primary call server failure. When deployed with VCX 3000 gateways in a branch office, Voice Boundary Routing also lets IP phones in that office make calls through the local public switched telephone network in case the primary WAN link fails.

3Com says Voice Boundary Routing is better than competitive technologies such as Cisco’s Survivable Remote Site Telephony, because other VoIP survivability technologies only provide basic local call features to phones when a WAN link goes down. Voice Boundary Routing lets local gateways provide all VCX call features, a local-branch version of voice mail and other applications.

3Com also is introducing its Convergence Application Suite, which includes software modules that allow for SIP-based messaging, presence and conferencing applications for VCX 7000 systems that run the 5.0 software.

Features such as IP voice or videoconferencing with document sharing, presence management and instant messaging are accessed through 3Com’s new Convergence Center client, which runs on Windows, Macintosh or Linux-based desktops. The client lets users see other employees who are online through a presence directory view. It also includes click-to-dial and drag-and-drop call transfer features.

VCX 5.0 was beta-tested at the city of Waukesha, Wis., which used Version 3.1 of VCX to run its voice mail system. The city is migrating from a Centrex telephone system to a VCX-based VoIP network that will support more than 500 users and will be managed in-house.

“This system is much easier to work with” in terms of making adds, moves and changes, says Greg Vanness, an IT technician with the city. He says the VCX management interface lets him add or change extension numbers and voice mailboxes in minutes, as opposed to calling the city’s Centrex provider and asking for the changes.


Start-up  touts  SQL  back-up  product 


IDERA
Location: Houston
Product: SQLsafe, back-up, recovery software.
Founders: Rick Pleczko, president and CEO; Rod Endo, vice president of operations; and, Mike Clark, vice president of sales and business development.
Founded: November 2002
Funding: Austin Ventures, amount not disclosed.
Number of employees: 50
Fast fact: The company’s name is based on the word “idea.”

■  BY  DENI  CONNOR 

Start-up Idera last week introduced disk-based back-up and recovery software for Microsoft SQL Server that the company says will let users save and retrieve data faster than tape-based approaches.

Called SQLsafe, the software compresses, encrypts and backs up data to disk for recovery by database administrators (DBA) or other IT staff. The product is intended for organizations that have 10 to 100 SQL Server deployments.

With the software, DBAs can perform full, incremental or differential backups of active SQL databases. SQLsafe backs up data to disk about 50% faster and recovers the data 10 times faster than tape, the company says. It complements traditional tape-based software from Veritas Software and Legato Systems.

Because data is written as a disk image rather than tape image, even inexperienced DBAs can recover data if a failure or corruption occurs. Idera says 1T byte of data can be recovered in less than two hours. The compression technology that SQLsafe uses can reduce storage costs by as much as 95%, the company says.

Pat Mong, technology analyst at glass manufacturer PPG Industries in Pittsburgh, was looking for software that could compress his backed-up data and save on disk costs when he encountered Idera.

“We primarily chose SQLsafe because of the disk storage usage issue,” Mong says.

“A lot of our storage is on an EMC [storage-area network] that tends to be very expensive. Any way we can reduce the usage of that or not have to ask for more from the SAN staff helps us out from a bottom-line perspective,” he says.

Mong has 60 instances of SQL Server running on dual- and quad-processor servers. After testing SQLsafe on these servers, he says he gets 70% or better compression.

SQLsafe is installed on an Intel-based server, where it backs up multiple target SQL Servers. As new SQL Servers are added to the network, SQLsafe discovers them and adds them to the back-up queue. A central repository creates a history of backups and restores.

According to Idera, the company focused on SQL Server because it is the fastest growing relational database. Gartner forecasted in 2003 that SQL Server comprised almost one-fifth of the relational database market, trailing IBM with 36% and Oracle with 33%.

Idera is not without competition. Imceda and BMC Software also focus on SQL Server backups. However, Imceda differs from Idera in that features such as encryption are not a standard part of its software.

Idera also makes migration, configuration management and performance monitoring software specifically for SQL Server.

SQLsafe works with SQL Server v7.0 SP3+, SQL Server 2000 Standard Edition, SQL Server 2000 Enterprise Edition, and SQL Server 2000 Desktop Edition SP3a+.

The software is licensed per instance of SQL Server for $995. ■


Vanness says the city has no current plans to deploy any of the new VCX applications and features announced this week.

The new 3Com VCX 5.0 and conferencing applications range from $70 to $200 per user. A VCX 7000 with the 5.0 software costs about $500 per line, not including IP phone costs. All the 3Com products are available now.

While 3Com goes after large businesses, Toshiba is targeting shops with fewer than 200 users with its latest Strata CIX offering. The box is a dual-processor IP PBX that can handle SIP- and Media Gateway Control Protocol (MGCP)-based IP endpoints, and legacy digital phones that worked with Toshiba’s old key telephone systems.

Along with this new platform, Toshiba also is introducing its Strata Media Application Server (MAS). This Windows-based server supports the vendor’s new FeatureFlex applications, which include SIP-based presence management and conferencing, and call routing and screening features.

Toshiba makes a line of IP phones that use the MGCP VoIP protocol and support the full set of features and functions on the Strata CIX. Third-party SIP phones will work with the Strata CIX, but more advanced features such as presence and caller ID are not supported. All features are supported on Toshiba digital handsets attached to a Strata CIX.

Toshiba also is introducing a softphone client that works with the Strata CIX and runs Strata MAS applications.

The Toshiba Strata CIX costs about $500 per line not including phones. Pricing was not available for the Strata MAS and FeatureFlex applications. The new Toshiba products are expected to be available in the first quarter of 2005. ■


Citadel, Preventsys sharpen vulnerability-assessment tools

Network protection

Citadel Security Software and Preventsys are upgrading their vulnerability-assessment products to help network managers better prioritize fixes.

Company: Citadel
Product: Hercules 3.5
What’s new: AssetGuard, which automates inventory management and vulnerability remediation.
Pricing: $499 per Windows server, $999 per Unix server; $99 per workstation.

Company: Preventsys
Product: Enterprise Security Management
What’s new: Preemptive Threat Defense, which adds threat prioritization.
Pricing: $250,000
Entrust targets improper e-mail

■  BY  ELLEN  MESSMER 

Entrust, best known for its encryption technology, last week introduced an appliance that works alongside e-mail servers to scan for inappropriate content entering or leaving an organization.

The Entelligence Compliance Server is designed to spot content contained in about 300 types of mail-attachment formats and take a variety of steps to flag content that might violate corporate policy.

The Linux-based appliance can notify a security officer about suspect content or block it, or shoot a message back to the sender with a question in it, Entrust says.

Suspect content might pertain to sensitive personal data, financial records or intellectual property. Automating the inspection process is critical to regulatory compliance because “you can’t rely on individuals for accessing the content of the e-mail and characterizing it as important,” says Entrust CEO Bill Connor.

The Compliance Server also is designed to snag content that might lead to sexual-harassment lawsuits.

Entrust has made changes to another product as well. The Entelligence Messaging Server now automatically will encrypt e-mail messages that the Compliance Server flags as “sensitive.”

Entrust joins the ranks of other firms, including start-ups such as Vericept and Vontu, as well as security giant McAfee, that have products for identifying content that violates corporate policy.

The Compliance Server costs $35,000. ■


■ BY ELLEN MESSMER

A pair of vulnerability-assessment and remediation tool vendors are separately upgrading their products so that customers more easily can prioritize which networked systems need to be fixed.

Citadel Security Software says Version 3.5 of its Hercules desktop and server software includes new technology called AssetGuard that helps companies determine what needs fixing by examining vulnerability-assessment data collected from assorted scanners against an inventory of applications running on the network. Based on pre-written policies, fixes can be prioritized.

Hercules 3.5 aggregates data from scanners such as those from eEye Digital Security, Foundstone and Internet Security Systems.

Other enhancements include the ability to query Hercules’ management console for information about what types of computers with specific vulnerabilities are running on a subnet and then scheduling remediation efforts.

Meanwhile, competitor Preventsys has upgraded its Linux-based Enterprise Security Management appliance, which also gathers vulnerability-assessment data from scanners.

New technology called Preemptive Threat Defense takes what’s known about the organization’s computer assets and risks and compares that against ongoing attack information from intrusion-detection systems.

“It can now look at the real-time flow of threat data, and then dispatch tickets out of a workflow system based on rules, explaining why it should be changed,” says Preventsys CEO Tom Rowley.

Mark Byford, manager of technical information systems at St. John Health System, says he primarily uses Preventsys gear to automate the consolidation of information from scanners, including the open source Nessus system. The data is used to determine the most critical vulnerabilities on the Tulsa, Okla., outfit’s network of 130 servers and 3,000 desktops.

“Before, our reporting was manual,” Byford says. “But we need to have reports we can show,” especially because the Health Insurance Portability and Accountability Act now has established requirements for protecting patient records and for the security and auditing of systems. ■


SurfControl  turns  a  trick  on  phishers 


BY  CARA  GARRETSON 


In  response  to  the  grow¬ 
ing  threat  that  phishing 
poses  to  e-mail  users,  Surf¬ 
Control  plans  to  upgrade  its 
e-mail  filter  to  catch  these 
attacks,  and  flag  more  spam 
and  other  abuses. 

SurfControl’s  E-mail  Filter 
5.0,  slated  for  release  next 
week,  has  been  designed  to 
trap  phishing  attacks,  in 
which  e-mail  users  receive 
messages  that  appear  to 
come  from  a  bank  or  retailer  asking  them  to 
divulge  personal  or  financial  information  and 
end  up  victims  of  identity  theft. 

E-mail  Filter,  which  can  be  installed  at  an 
organization’s  mail  server  or  gateway  has  been 
upgraded  to  include  the  company’s  URL 
Category  Database. This  database  lists  known 
phishing  sites  and  sites  that  disseminate  spy- 
ware  and  other  malicious  code,  says  Paris 
Trudeau,  SurfControl’s  senior  product  market¬ 
ing  manager. 

By  including  this  database,  which  also  is  part 
of  SurfControl’s  Web  filter  product,  the  upgrad¬ 
ed  e-mail  filter  can  scan  incoming  messages 
for  these  URLs  and  delete  them  or  store  them 
in  a  quarantine  folder,  depending  on  how  an 
organization  configures  the  filter, Trudeau  says. 


Since January, SurfControl has witnessed a 500% growth in the number of phishing attacks on the mailboxes its product protects, company officials say.


SurfControl’s threat command centers find these malicious Web sites by searching for URLs embedded in messages that land in its network of honeypot e-mail accounts — phony accounts set up to attract unwanted email — and by using artificial intelligence. Whenever such URLs are found, SurfControl pushes software updates to its customers so the email filter can trap messages that include these links, Trudeau adds.
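A minimal sketch of the URL check described above, added here as an illustration and not SurfControl’s code: it pulls the links out of a message, looks each host and its parent domains up in a category list, and returns the configured action. The category entries, host names, sample messages and function names are all constructed for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed stand-in for a vendor-maintained category list (host -> category).
CATEGORY_DB = {
    "login-example-bank.test": "phishing",
    "free-toolbar.test": "spyware",
}
BLOCKED_CATEGORIES = {"phishing", "spyware"}

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)


def extract_hosts(raw_message):
    """Return the set of host names linked from the text parts of a message."""
    hosts = set()
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if payload is None:
            continue
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            text = payload.decode("latin-1")
        for url in URL_RE.findall(text):
            try:
                # .hostname ignores any "user@" prefix, so a link written as
                # http://trusted-name@other-host/ resolves to other-host.
                host = urlsplit(url).hostname
            except ValueError:
                continue
            if host:
                hosts.add(host.rstrip(".").lower())
    return hosts


def categorize(host, db):
    """Look up the host, then each parent domain, stopping before the bare TLD."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        category = db.get(".".join(labels[i:]))
        if category:
            return category
    return None


def filter_message(raw_message, db=CATEGORY_DB, action="quarantine"):
    """Return (verdict, hits); verdict is 'deliver' or the configured action."""
    if action not in ("quarantine", "delete"):
        raise ValueError("action must be 'quarantine' or 'delete'")
    hits = {}
    for host in extract_hosts(raw_message):
        category = categorize(host, db)
        if category in BLOCKED_CATEGORIES:
            hits[host] = category
    return (action if hits else "deliver"), hits


# Constructed sample messages.
PHISH = (
    "From: Service Desk <service@realbank.test>\n"
    "Subject: Verify your account\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p>Please <a href="http://www.realbank.test@login-example-bank.test/verify">'
    "confirm your details</a>.</p>\n"
)
CLEAN = (
    "From: Facilities <facilities@example.test>\n"
    "Subject: Meeting minutes\n"
    "\n"
    "Minutes are at https://intranet.example.test/minutes.\n"
)

if __name__ == "__main__":
    for name, message in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(name, filter_message(message))
```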

In addition to Version 5.0’s ability to scan incoming email in a variety of foreign languages, one beta tester says he is impressed with the filter’s protection from denial-of-service (DoS) attacks. Version 5.0 lets users set limits for maximum number of connections coming from the same IP address in a certain time frame, for example.

“Although we use the [real-time black hole list] option, the transient nature of the beast means that we still see mass mailing attempts from time to time,” says Ed Concannon, network analyst with Computer Sales International, a technology leasing company. “The [DoS] option will let us block an address for a pre-determined amount of time, which means less administration on my part.”
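The per-address connection limit and timed block described above can be sketched as follows. This is an added example, not SurfControl’s implementation; the class name, thresholds and the log lines (documentation-range addresses) are constructed.

```python
from collections import defaultdict, deque


class ConnectionThrottle:
    """Allow at most max_connections per source IP inside a sliding window;
    an address that exceeds the limit is refused for block_seconds."""

    def __init__(self, max_connections, window_seconds, block_seconds):
        self.max_connections = max_connections
        self.window_seconds = window_seconds
        self.block_seconds = block_seconds
        self._recent = defaultdict(deque)  # ip -> timestamps of accepted connections
        self._blocked_until = {}           # ip -> time at which the block lifts

    def allow(self, ip, now):
        """Return True if a connection from ip at time now (seconds) is accepted."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return False  # still blocked; retries do not extend the block
            del self._blocked_until[ip]

        recent = self._recent[ip]
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()  # drop connections that fell out of the window

        if len(recent) >= self.max_connections:
            self._blocked_until[ip] = now + self.block_seconds
            recent.clear()
            return False

        recent.append(now)
        return True


# Constructed connection log: "<seconds> <source IP>", in time order.
SAMPLE_LOG = """\
0 192.0.2.10
0 198.51.100.7
1 192.0.2.10
2 192.0.2.10
3 192.0.2.10
4 192.0.2.10
20 198.51.100.7
30 192.0.2.10
40 198.51.100.7
64 192.0.2.10
65 192.0.2.10
"""


def replay(log_text, throttle):
    """Feed log lines through the throttle; return {ip: (accepted, rejected)}."""
    tally = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, ip = line.split()
        accepted, rejected = tally.get(ip, (0, 0))
        if throttle.allow(ip, float(timestamp)):
            accepted += 1
        else:
            rejected += 1
        tally[ip] = (accepted, rejected)
    return tally


if __name__ == "__main__":
    # 3 connections per 10 seconds, then a 60-second block.
    print(replay(SAMPLE_LOG, ConnectionThrottle(3, 10, 60)))
```

The burst from 192.0.2.10 trips the limit on its fourth connection and is refused until the block lifts, while the slow sender is never affected.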

Version 5.0 also features enhancements to the company’s spam-detection tools. These include digital fingerprints that classify spam into 17 categories, making incoming unwanted messages easier to identify; heuristics that look for telltale signs of spam in a message’s content; LexiRules, which use advanced Boolean techniques to develop spam-catching rules; and an update to the company’s neural network technique that weeds out spam related to gambling and adult content.

E-mail Filter 5.0 ranges in price depending on the size of an organization; a company with 500 users would pay $19 per user. The Anti-Spam Agent and URL Category List are sold as a combined optional plug-in, which is free for the first year and costs $9.50 per user, per year, starting the second year.

SurfControl competes with anti-spam filter makers such as Symantec and MailFrontier, and with e-mail security appliance vendors including IronPort Systems and CipherTrust.

This  week  SurfControl  also  plans  to  release 
an  email  gateway  appliance  called  RiskFilter, 
a  mail  transfer  agent  that  filters  spam,  viruses 
and  other  security  threats. 

RiskFilter is priced starting at $26,000 for up to 2,000 users and $49,000 for up to 5,000 users, plus an annual subscription fee of 50% of the initial charge. ■
Cisco VoIP deal makers and breakers

Cisco is on a roll with some recent high-profile IP telephony customer wins, but the vendor also has hit bumps along the way with other customers:

September 2004: In Cisco's largest IP telephony deal yet, the Bank of America said it will replace 362 PBXs in more than 5,000 offices with Cisco gear and put Cisco IP phones on 180,000 employees’ desks.

September 2004: Ford Motor and SBC say they will deploy a Cisco-based IP telephony network for 50,000 workers.

September 2004: The state of Alaska terminates a $100 million contract with carrier Alaska Communications Systems to deploy 20,000 Cisco IP phones to nearly all state facilities.

August 2004: The city of San Jose is forced to cancel plans for a Cisco IP telephony rollout in its new city hall after auditors discovered the project's bidding process unfairly favored Cisco. The city's CIO resigned and the project was put out for bid again as a result.

July 2004: Boeing says it will put in 150,000 Cisco IP phones over the next three years.

June 2003: Merrill Lynch announces plans to pull out thousands of Cisco IP phones and IP PBXs in favor of IP and TDM-based gear from Avaya. Cisco was removed because its handsets only supported IP.


the years we’ve been studying them,” says Cliff Naughton, director of network services for Boeing’s Shared Services Group. Cisco CallManagers have been running in various pilot deployments throughout Boeing’s network since 1999, when Cisco first entered the market. Past problems with the technology included scaling — such as problems in supporting more than 100,000 phone extensions — and missing features that were common on many traditional PBX products, he says.

“We’ve worked through those situations, and right now we’re feeling very confident about the technology,” Naughton says.

Network upgrades in WANs by companies such as Boeing and Bank of America also have paved the way for the IP telephony services.

Boeing  recently  switched  from 
an  ATM  and  frame  relay  WAN  to  a 
Multi-protocol  Label  Switching 
(MPLS)-based  network  managed 
by  Sprint. 

“Right now we’ve got an any-to-any model,” Naughton says. This lets any location in the network communicate over IP through the MPLS mesh service rather than the hub-and-spoke topology of the past frame relay network. “This network has QoS, and we’ve already moved a lot of internal long-distance traffic onto it,” he says. “It will also make it that much easier to connect sites as we [install] IP telephony.”

As for Bank of America, it recently replaced its ATM backbone and T-1 and T-3 branch connections with a nationwide optical network. It now has 4,200 offices connected to an optical backbone based on Cisco ONS 15454 switches.


According  to  printed  statements 
by  Bank  of  America  IT  executives, 
the  optical  backbone  is  doing 
more  than  just  leading  its  VoIP 
rollout.  It  also  has  been  integral  in 
helping  the  bank  take  on  the 
enormous  additional  IT  burden 
from  its  recent  acquisition  of  Fleet 
Bank. 

Legacy  integration 

A shift in convergence strategy and message by Cisco might be another reason large businesses are adopting the technology. While most large companies want a strategy to migrate PBXs from TDM to IP over time, “that was not the message Cisco had in the past,” says Brian Riggs, an analyst with Current Analysis. “It was more like, ‘rip out your PBX and put in CallManager!’”

He says Cisco’s approach to customers now is to work CallManagers into telephony networks alongside the big-iron PBXs that eventually will be retired.

Cisco also made changes to its CallManager software earlier this year that make it easier for Cisco IP PBXs to run parallel to TDM-based PBX systems, Riggs says. Previous CallManager versions offered limited support for a protocol called Q Signaling (QSIG), a standard for PBX signaling. But CallManager 4.0 expanded this greatly, letting CallManagers interoperate with a larger number of PBXs and support more features, such as caller ID and conferencing, across the platforms.

“Cisco’s story now is that they will use QSIG, analog gateways and whatever technologies they can to help customers migrate more slowly,” Riggs says.

This  legacy  integration  will  be 
important  for  the  likes  of  Bank  of 
America  and  Boeing,  which  have 
hundreds  of  old  PBXs  that  must 
stay  in  service  as  the  new  gear  is 
installed. 

“This  is  not  a  big  bang  or  forklift 
type  of  approach,”  Boeing’s 
Naughton  says.  “We’re  expecting 
this  to  be  a  five-  to  seven-year 
migration.” 

Boeing  uses  more  than  125 
PBXs  throughout  its  network.  In  its 
large  manufacturing  campuses 
and  headquarters,  carrier-class 
Class  5  phone  switches  from 
Lucent  also  are  running. 

“We’ve  triaged  these  [PBXs  and 
switches]  into  old  systems,  really 
old  systems,  and  systems  we 
absolutely  have  to  do  something 
about,”  Naughton  says.  “We’re  also 
being  opportunistic  about  putting 
in  new  systems.” 

That  means  any  time  a  Boeing 
group  changes  facilities  or  moves 
into  a  new  building,  a  Cisco  IP 
PBX  and  phones  will  follow. 

Hitting  home  with  VoIP 

One of the biggest challenges for large companies moving to IP telephony will be migrating very large campuses or headquarter sites. Typically large IP telephony installations have involved replacing a few hundred or thousand IP phones at remote sites tied together via a WAN. The largest single-site and campus deployment of a Cisco IP network today is still Cisco’s 40,000-seat headquarter campus in San Jose.

Boeing  says  it  won’t  be  turning 
on  CallManagers  on  that  scale  for 
some  time. 

“We  have  not  yet  turned  over 
any  of  our  carrier  switches  in  our 
large  campuses,”  Naughton  says, 
and  he  is  in  no  rush  to  make  that 
change.  “The  way  we  hope  to  do 
this  in  larger  sites  is  to  work  from 
the  edge  in.” 

This means continuing to convert branches and remote offices to IP telephony and saving for last the big changeovers in the company’s Chicago headquarters and Seattle manufacturing campuses.

Changes in Cisco’s sales strategy also might help the company get the larger deals. Riggs says some of the perception in the industry that Cisco IP telephony gear was technically lacking might have been because of poorly installed systems by the flood of Cisco partners authorized to resell the telephony gear. Two years ago, Cisco revamped its training and certification requirements for channel partners and integrators to install Cisco IP telephony products.

“This got rid of some poor-performing systems integration companies,” Riggs says. “What was left was a smaller but stronger set of partners.”

Competition  on  notice 

While  Cisco’s  Boeing,  Ford  and 
Bank  of  America  deals  certainly 
have  put  telephony  competitors 
on  alert,  those  vendors  say  they 
are  not  worried  about  these 
recent  gains. 

“Obviously one hates to see any big deal go to the other guy,” says Alex Pierson, general manager of enterprise business networks for Nortel.

Pierson says Nortel is evolving its IP telephony strategy to meet the needs of larger companies that might be getting closer to taking the IP plunge.

“Certainly our initial strategy was to protect our installed base” of PBX users, he says. Now, the company is more aggressively marketing all-IP products. It also recently introduced an upgrade to its Succession Communications Server IP PBX, letting it scale to 200,000 IP endpoints.

Pierson says Nortel’s customers are signing on to this, citing recent hybrid IP/TDM PBX deals with the state of Virginia and the U.S. Department of Defense.

Another competitor says there is still something to be said for having the ability to blend TDM and IP on one phone switch. According to Jorge Blanco, Avaya’s vice president of product marketing, the ability of his company’s products to support IP and legacy digital sets is still appealing to many customers.

It’s something Cisco still can’t do, which led to a large Avaya win at Merrill Lynch last year. The brokerage giant decided to replace the Cisco VoIP system it installed in 2001 with a mix of Avaya IP and digital PBX phones. Merrill Lynch said the pullback was because of security concerns about having all its voice and data applications running on IP.

Blanco says this hybrid approach “is much less disruptive than having to visit every desktop” and switch the phone from a digital set to IP.

“This also lets you get to convergence quicker without having to wait for a vendor to reinvent features and functionality that have been in place for years” on existing PBX products, he says. ■

Vendors tout SSL remote-access gear

■ BY TIM GREENE

Three  Secure  Sockets  Layer  remote-access  vendors  are  upgrading 
their  equipment,  one  with  software  enhancements  and  two  with  new 
hardware. 

Aventail is upgrading its SSL remote-access gear to give end users varying levels of access to corporate networks, depending on the security rating of the computer they use.

Part of Aventail’s ASAP 8.0 software release, this feature checks the status of the operating system on the remote machine before it authenticates the user, and based on the information it receives assigns the machine to a security zone. If the operating system is unpatched, users might get very limited access. If it is in compliance, users might get fuller access by being assigned to different zones.

These zones are defined by sets of security parameters including what subset of corporate resources is available to users assigned to the zone. These parameters also can include whether the remote machine can connect via browser only, browser aided by a Java applet, or using a full remote-access client. The software can further determine how data sent during a remote-access session is protected. This can be done by purging caches when the session ends, or creating a secure desktop or “sandbox” that is destroyed when the user logs off, leaving no history of the session.

Competitor  Juniper  is  trying  to  offer  this  functionality  by  publishing 

See  SSL,  page  72 
AT&T expands network globally

■  BY  DENISE  PAPPALARDO 

AT&T last week announced network expansion initiatives that include extending the reach of its Multi-protocol Label Switching network in Asia and South America, boosting IP capacity in the northwest U.S., increasing the reach of remote access services and deploying four new data centers overseas.

“We re-prioritized our network investment from a global perspective,” says Eric Shepcaro, AT&T’s vice president of business strategy and development. The reprioritization is based on AT&T’s strategy of being focused on business customers’ needs, he says.

AT&T’s MPLS network now reaches 50 countries and includes additional nodes in China and India.

“AT&T has always had a presence in China,” says Bryan Van Dussen, director of telecommunications research at The Yankee Group. “But China is vitally important when you consider the country’s population and potential for growth.” Network expansion in India is equally important for AT&T, Van Dussen says, especially when you consider how infrequently U.S.-based carriers are investing in networks overseas.


AT&T network investment

Here’s a quick look at the carrier’s recent network expansion.

• Extending MPLS network into Thailand and Costa Rica.
• Adding MPLS nodes in China and India.
• Offering mobile disaster recovery in Europe.
• Deploying OC-768 fibers between Seattle and San Francisco.
• Offering Wi-Fi support through 4,000 hot spots.
• Metropolitan Ethernet at 1,200 buildings around the world.
• DSL support at 8,000 central offices.


AT&T  also  announced  recently  that  it’s  expanding  its  MPLS  network 
in  Mexico  through  a  partnership  with  Alestra,  a  telecom  company  that 
is  49%  owned  by  AT&T  and  51%  owned  by  a  conglomerate  in  Mexico. 

The carrier also has beefed up its hosting presence overseas with a new data center in London and another in Tokyo. AT&T now has two data centers in each city. And for the first time AT&T is offering hosting services in Paris and Frankfurt, Germany, with a data center in each city.

Customers  in  Europe  will  have  AT&T’s  mobile  Network  Disaster 
Recovery  services  available  when  disasters  strike.  Until  now,  AT&T  only 
had  its  fleet  of  trucks  and  trailers  ready  to  roll  at  a  moment’s  notice  in 
the  U.S.  to  hurricane  or  flood  sites  to  restore  network  services. 

AT&T also has teamed with multiple service providers to expand the reach of its metropolitan and remote access services, including Ethernet, Wi-Fi and DSL. The carrier has increased the number of buildings it can reach with metropolitan Ethernet services from 600 in the U.S. to 1,200 around the world through an agreement with service provider STSN. It has increased the number of Wi-Fi hot spots available to AT&T customers from 2,900 to 4,000 through its agreement with STSN.

AT&T  has  Ethernet  and  Wi-Fi  roaming  agreements  with  GoRemote 
(formerly  Gric  Communications).  AT&T  now  supports  DSL  services 
from  8,000  central  office  switch  sites,  compared  with  6,300  earlier  this 
year.  The  carrier  has  increased  its  DSL  reach  through  an  agreement 
with  New  Edge  Networks.  It  also  works  with  Covad  Communications  to 
offer  DSL  services. 

The  carrier  recently  deployed  Siemens  Dense  Wavelength  Division 
Multiplexing  gear  to  support  an  OC-768  fiber  between  San  Francisco 
and  Seattle.  AT&T  says  the  link  supports  up  to  40G  bit/sec  on  one  fiber 
strand. 

AT&T’s OC-768 deployment “validates that traffic continues to grow,” Van Dussen says. The area between San Francisco and Seattle is one of the largest for Internet growth. ■
site-licensed software installed,” says Rodney Petersen, coordinator for the Security Task Force at Educause, a nonprofit association of 1,900 schools that promotes IT in higher education.

Microsoft offers licensing options for student machines but the cost is prohibitive, with requirements to cover entire departments or entire campuses. Few schools subscribe, according to Educause.

The problem joins a list of growing Windows-patching challenges in specific industries. In July, Network World uncovered potentially life-threatening patch problems that plague the healthcare industry (www.nwfusion.com, DocFinder: 4047).

Educause’s Security Task Force is encouraging Microsoft to adapt to the unique relationship schools have with students through licensing revisions or modifications to Microsoft’s software distribution technology.

The higher-education community has solutions in mind but is skeptical of Microsoft, which has promised a long-term remedy but has yet to provide details.

Some say the solution should combine flexibility in both delivering patches to machines not owned by the university and how it can be done.

“Educational institutions are looking for more flexibility to secure the entire network,” Petersen says. “They don’t want to rely on students getting a CD or going to an update server.”

Many users are trying workarounds using methods that don’t scale, including ActiveX controls for rudimentary patch assessments, or don’t work well. Products that perform security checks before allowing access typically require client-side code, which is impossible to load on student machines new to campus. Remote security scans also are difficult because many students use personal firewalls.

What complicates the matter further is that Microsoft is legally required to track software it distributes in case of a recall. If schools re-distributed patches they would have to log and track each user, including those that leave the university system.

Correction

■ The story "Cisco offerings target small firms" (Sept. 20, page 32) incorrectly stated that the Catalyst 4948 LAN switch supports power over Ethernet.

Student computing

A September report by nonprofit association Educause shows that a large percentage of students during the 2003 school year were using their own computer, desktops that universities are unable to manage.

[Bar chart: Percentage of students using their own computers*. 2002: 53%; 2003: 65%.]

*Data represents those schools for which data was available for both years.

Microsoft also closely guards distribution to secure the integrity of the software.

Company officials said in a statement that they are “working closely with their higher-education customers on this and exploring options to meet the unique needs of the campus computing environment.”

The  situation  has  been  building 
over  the  past  12  months  of  worm 
and  virus  outbreaks  and  came  to 
a  head  in  August  when  Microsoft 
released  Windows  XP  Service 
Pack  2  (SP2). 

In response, Microsoft bent its own rules to foster installation of XP SP2 by creating the Higher Education Voluntary Distribution Program, which provided the SP2 code via an allotment of free CDs for universities to distribute to students. The program ends Nov. 30.

However, schools want a long-term plan to easily and affordably distribute patches to students.

“The  current  license  model  is 
aggressive  for  campuses,”  says 
Jack  Suess,  CIO  at  the  University 
of  Maryland,  Baltimore  County, 


and  co-chair  of  the  Educause 
Security  Task  Force.  “We  have  to 
track  who  gets  each  CD,  and  we 
need  a  method  of  recall.  That  is 
tough  for  institutions  to  do.” 

That’s  especially  true  given 
Microsoft’s  monthly  patch  release 
and  random  critical  updates. 

Licensing restrictions also prohibit computers not owned by the school from connecting to a school’s Software Update Services (SUS) server, which is Microsoft software that the schools deploy internally to distribute patches. The same is true for Microsoft’s Systems Management Server.

Microsoft  does  not  provide 
tools  to  authenticate  access  to 
SUS  servers,  which  would  permit 
auditing  of  downloads,  Suess 
says.  Schools  also  would  have  to 
validate  that  only  users  with 
licensed  software  download 
patches  and  would  be  liable  for 
any  breaches. 

“We need simple things like getting standard license agreements that are readily adoptable by universities,” says Suess, who adds that the task force has not yet developed concrete proposals to present to Microsoft. “Other users, governments and corporations expect us to manage these students who are using our IP addresses. There is a level of accountability.”

The Security Task Force has been working with Microsoft, which hosted a Webinar in August to answer questions and appointed a technical staff member to field questions on Educause’s security discussion list.

Microsoft currently has a few licensing programs for schools, including the Campus Agreement with a Student Option, which provides licensed software for students. A license to provide 500 students with a desktop operating system, Office and a client access license for Windows Server and SQL Server Standard Edition costs $13,500. However, universities must license a minimum of 300 students and license by entire departments or the entire campus; they cannot license random students.

Microsoft  has  the  MSDN 
Academic  Alliance  membership 
program  for  departments  that 
teach  and  use  computers.  The 
$800  per  department  fee  includes 
access  to  software  for  instruction 
only  and  an  electronic  software 
distribution  system  run  by 
e-academy  Inc.  ■ 
Safety begins in the home

Parents  looking  to  temper  Internet  freedom  with 
safeguards  for  their  kids  should  consider  the  following 
home  use  practices. 

Role-based  usage:  Define  how  you'd  like  your  children  to  use 
the  computer.  Create  user  privileges  and  restrict  children’s 
administrator  roles  on  the  PC  to  ensure  they  cannot  change  policies 
or  download  software. 

In  plain  view:  Locate  the  computer  with  Internet  access  in  a 
common  room  —  such  as  the  home  office  or  library  —  not  in  the 
child's  bedroom. 

Accentuate  the  positive:  Set  a  list  of  acceptable  Internet  sites 
in  browsers,  teaching  children  the  benefits  of  online  information 
and  research. 

Make  kids  be  themselves:  Don't  allow  them  to  take  on  aliases 
in  their  IM  account  or  group  chats. 

Limit information sharing: Tell your children not to fill out any forms on Web sites requiring personal information and to stop any online conversations with individuals requesting personal details.

Monitor,  monitor,  monitor:  Even  with  safeguards  in  place, 
incidents  might  occur.  Monitor  your  system  for  adware  and  spyware; 
your  browser's  history  file;  the  computer  and  firewall  cache;  and 
e-mail  or  IM  chats  to  determine  if  your  child  is  visiting  sites  or 
talking  to  strangers  online. Then  talk  to  your  children  about  it. 


Home 

continued  from  page  1 

taken a series of measures with regard to their Internet use,” he says. “As they get older and need to do more online, we’ll have to manage this in a more efficient manner.”

In some ways, network and other IT professionals who are parents have an edge over non-techie moms and dads when it comes to Internet access and children. Techie parents get exposure to the latest filtering and security techniques and issues, and give more thought in the workplace to issues such as Web access and instant-messaging privileges. Not that all the tech knowledge in the world makes up for lack of common sense and good people skills.

No  monitoring  tools 

IS Director Ross McKenzie says he favors controlled exposure to the Internet for his 10- and 12-year-old sons: He doesn’t like automated monitoring tools, but manually checks history files and sometimes peeks at incoming or outgoing messages.

“Monitoring tools send the wrong message to the kids,” says McKenzie, who works at Johns Hopkins Bloomberg School of Public Health in Baltimore. “I would rather teach them to use the Internet, e-mail and chat responsibly, and teach them what is right and wrong.”

He runs his children’s e-mail accounts through an Exchange server at his house, and the children know he administers it and can access it any time. One time McKenzie found that a friend of one of his sons had typed in the URL of a porn site, leading him to confront the children and alert the friend’s parents.

Brian Jones, network engineering and operations manager at Virginia Polytechnic Institute and State University in Blacksburg, depends on technology and training to keep his 12- and 15-year-old boys from roaming to unsavory areas online.

“I don’t let my children install any software on the computer without supervision. I also don’t let them join anything or fill out any forms,” Jones says. “It is a good idea to create user accounts for your children to limit their administrative privileges on the computer — to protect the computer and to keep track of who is doing what.”

Jones uses software to block popups, watch for spyware and protect his home network against viruses. He doesn’t use monitoring software, mostly because he’d rather his sons follow his policies than those of the software.

Others  advocate  more  of  a 
hands-off  style. 

Richard Leland, director of business systems at a legislative branch agency in Washington D.C., safeguards his home PC with a virus-protection service and a firewall, but doesn’t use Web site monitoring or blocking tools to keep his 17-year-old daughter in line.

“My daughter has had access to a computer her entire life and has been raised to understand what she should and should not do in this environment. I trust her judgments,” Leland says.

But  such  an  approach  might 
not work for every family. “Some
children  may  need  the  more 
structured  controls  offered  by 
filtering  products,”  he  says. 

Daniel  Basse,  director  of  IS  at 
Ridge  Vineyards  in  Cupertino, 
Calif.,  recommends  parents  use 
Internet  monitoring  tools  and  a 
keystroke  logger. 

Having  a  monitoring  tool  that 
can  be  updated  automatically  is 
important, Basse says. “There is
no way a parent would know
what they need to block, nor
where to find it, so these types of
software  and  services  provide 
the  research  to  assist  parents.” 

In the hands of unsavory people,
keystroke loggers can be
used  to  capture  passwords  or 
credit  card  numbers.  In  parents’ 
hands,  they  can  be  used  to  see  if 
inappropriate  conversations  are 
occurring,  Basse  says.  Parents 
also  can  use  keystroke  loggers  to 
see  if  a  child  has  tried  to  circum¬ 
vent  parental  controls,  he  adds. 

Sheryl  Glore,  chief  of  imple¬ 
mentation  and  standards  for  the 
Air  Force  at  Patrick  Air  Force 
Base  in  Florida,  says  her  15-year- 
old  daughter  loses  Internet  priv¬ 
ileges  for  swearing  while  instant 
messaging. 

Glore  watches  history  logs 
and  temporary  Internet  files. 
Instead  of  installing  monitoring 
software,  she  checks  her  daugh¬ 
ter’s  buddy  list,  configured  her 
e-mail  account  to  accept  mes¬ 
sages  only  from  known  address¬ 
es  and  restricts  her  administra¬ 
tive  rights  on  the  PC. 

“I  don’t  use  monitoring  tools 
because  there  are  so  many 
choices;  how  do  I  know  what  is 
best  for  my  circumstance?”  she 
says. 

Priscilla  Milam’s  story  is  simi¬ 
lar.  She  limits  her  daughter’s 
time  online,  keeps  the  PC  in 
public  view,  and  checks  log  files 
and  browser  cache  files.  But  she 
also is aware that her 17-year-old
daughter might be old
enough  to  work  around  tech¬ 
nology  controls.  Milam,  the 
dean  of  technology  at 
Kingwood College in Texas, talks
to  her  daughter  about  meeting 
people  on  the  Internet  and 
exchanging  information  with 
them. 


“I  treat  the  threat  of  the 
Internet as I do teenage drinking
and drugs,” she says. “I make
a  point  to  share  news  stories 
relating  to  Internet  incidents 
involving  children  whenever 
possible  to  make  the  threat 
real.” 

The  risks  are  real,  according  to 
the  FBI,  which  says  the  Internet 
has  dramatically  increased  sex 
offenders’  access  to  children.  It 
manages  a  multi-agency  effort 
—  called  the  Innocent  Images 
National Initiative (IINI) — to
combat  the  proliferation  of 
online  child  pornography  and 
sexual  exploitation. There’s  no 
shortage  of  work  for  the  team: 
The  number  of  IINI  cases 
leaped from 113 in 1996 to
2,370  in  2002. 

Another  approach 

Numbers  like  that  have 
encouraged  some  techie  par¬ 
ents  to  take  a  conservative 
approach  to  Internet  access  at 
home. Wayne Roberts, a network
engineer at Emery School
District in Huntington, Utah,
doesn’t  allow  it. 

“I  have  children,  and  have  very 
strong  feelings  about  Internet 
browsing,” says Roberts, the
father of children aged 10, 8, 6
and 4. “I don’t have an Internet
connection  at  my  home  and 
quite  possibly  never  will.” 

“When  my  children  need 
information  and  don’t  have 
time  to  find  it  at  school,  I  bring 
them  to  my  office,  where  they 
have  a  fast  connection,  and  I 
monitor them,” he says. “Also,
there’s  a  firewall  and  strong  fil¬ 
ter  where  they  won’t  accident¬ 
ally  find  something  I  don’t  want 
them  to  see.” 

Meanwhile,  the  trend  among 
non-techie  parents  is  to  use  the 
parental  controls  software  that 
comes bundled with ISP services,
says Tim Lordan, staff director
of the nonprofit Internet
Education Foundation in Washington,
D.C. The foundation maintains
a database of parental control
tools and related content
through  its  GetNetWise  project. 

If  monitoring  and  blocking 
tools  are  not  your  style,  GetNet¬ 
Wise  includes  non-technical 
resources as well, such as parent-child
contracts that establish
rules for computer use.
Having  a  contract  is  a  way  to 
broach  the  subject  of  appropri¬ 
ate  Internet  usage,  he  says. 

“If  nothing  else,  it  starts  the 
conversation.”  ■ 
IDC Outlook on IT’s Contribution to Business Productivity


A  Supplement  to  IDG  Publications 


Dynamic  IT 

Riding  the  Next  Wave 
of  Business  Innovation 
and  Productivity 


Over  the  past  two  decades,  $10  trillion  in  information  technology  investment  has 
unleashed  a  wave  of  business  innovation  -  in  everything  from  the  way  companies 
deal  with  customers  and  suppliers  to  the  way  they  conduct  meetings,  count  paper 
clips  and  send  correspondence.  For  years  there  have  been  questions  over  the 
degree  to  which  IT  actually  increases  business  productivity,  but  since  the  mid- 
1990s  it’s  been  clear  that  the  contribution  is  substantial.  There  are  now  enough 
studies  to  fill  a  bookcase  on  the  impact  of  IT  on  both  enterprise  and  country- 
level  productivity. 


Figure  1  actually  shows  the  cor¬ 
respondence  between  U.S.  produc¬ 
tivity  growth  and  IT  investment  as 
measured  by  the  U.S.  government  - 
with  the  growth  in  IT  investment 
shifted  by  three  years  on  the 
assumption  that  it  takes  some  time 
for  the  investments  to  pay  off. 

As  you  can  see,  in  almost  every 
instance  where  IT  investment  has 
gone  up  (or  down),  productivity 
growth  three  years  down  the  line 
has  followed.  The  data  does  not 
prove  a  cause  and  effect,  but  the 
correspondence is clear. Increased
IT spending and increased productivity
go hand in hand.

By John Gantz, Chief Research
Officer, IDC, and Frank Gens,
Senior Vice-President, IDC

Of  course,  this  is  a  picture  of  the 
macrocosm.  In  the  microcosm,  we 
have  plenty  of  other  evidence  that 
IT  has  generated  improved  corpo¬ 
rate  performance. 

In  spring  2004,  IDC  surveyed 
500  CEOs  and  CIOs  on  the  rela¬ 
tionship  between  IT  investment  and 
sales performance. That study found
that  companies  with  high  sales  per¬ 
formance  are  also  likely  to  be  lead¬ 
ers  in  IT.  Additionally,  these  busi¬ 
nesses  tend  to  increase  IT  spending 
faster  than  the  market  average, 
while  keeping  an  eagle  eye  on  costs. 
Moreover,  these  sales  and  technolo¬ 
gy  leaders  concentrate  their  invest¬ 
ment  in  areas  that  give  them  more 
insight  into  their  customers. 

Translated  to  the  enterprise  envi¬ 
ronment,  this  means  that  companies 
that  increase  investment  in  IT 
should  see  an  increase  in  productivi¬ 
ty  and  performance.  But  this  is  only 
true if they invest in the right technology
at the right time; manage
their  investment  and  implementation 
well;  and  manage  their  non-IT 
investment  to  maximize  their  IT 
investment. 

And  it  goes  without  saying  that 
companies  that  do  increase  produc¬ 
tivity  through  IT  do  not  do  so  in  a 
vacuum.  Their  peers  and  competitors 
will  be  investing  in  IT  as  well.  You 
can’t  just  improve  a  business  process 
and  stop  there.  Innovation  needs  to 
be  ongoing. 

To  sustain  this  innovation  -  con¬ 
tinually  improving  business  processes 
while  simultaneously  engineering  out 
costs - IDC envisions a new generation
of information technology that
we  call  “dynamic  IT.” 

The  concept  is  simple.  Dynamic 
IT  is  about  creating  a  high-perform¬ 
ance  IT  capability  that  can  support 
the  rapid  pace  of  business  change. 
The  dynamic  IT  framework  untan¬ 
gles  the  patchwork  of  isolated, 
under-leveraged  infrastructure,  data 
and  applications  that  today  are  com¬ 
mon  in  many  companies.  It  turns 
hard-wired  point  solutions  into 
shared  services. 

The  goal  of  dynamic  IT  is  not  to 
make  an  enterprise  merely  a  little 
more  responsive  to  changing  busi¬ 
ness  needs,  but  rather  an  order  of 
magnitude  more  responsive.  It’s  a 
lofty  goal,  to  be  sure,  but  as  we  will 
show,  many  of  the  technologies  and 
business  practices  required  to  meet  it 
are  already  here. 


Why  dynamic  IT? 

In  a  controversial  article  published 
in  the  May  2003  “Harvard  Business 
Review,”  Nicholas  Carr  argued  that 
IT  is  now  a  commodity  that  no 
longer  offers  sustainable  competitive 
advantage.  Too  many  companies 
have  access  to  the  same  packaged 
solutions  for  any  IT-driven  advantage 
to  last  for  long.  IT,  Carr  contends,  is 
like  electricity  or  steel  -  critical  to  a 
company but not a source of differentiation.
Business and IT executives
have been arguing with Carr’s basic premise
since the article appeared,
but they agree that IT is critical to
business (Figure 2).

One  sign  of  the  importance  of  IT 
is  the  amount  of  time  line-of-busi- 
ness  executives  and  CEOs  spend  on 
IT issues: 20%! This includes planning,
evaluating, reviewing and testing.
Over 25% of respondents expect
their  involvement  with  IT  to  increase 
over  the  next  year  (none  thought  it 
would  decrease),  and  over  50%  say 
their  company  should  be  more 
aggressive  in  using  IT  to  attack  busi¬ 
ness  problems. 

In  another  survey  of  large  U.S. 
enterprises,  top  business  and  IT 
executives  told  IDC  the  biggest 
problems  they  face  aren’t  technologi¬ 
cal  in  nature.  Rather,  the  top  chal¬ 
lenges  are  related  to  cutting  waste 
and inefficiency in the company;
reorganizing  to  better  face  the  mar¬ 
ket;  and  doing  a  better  job  of  deal¬ 
ing  with  customers,  partners  and 
suppliers. 

Can  IT  help  address  these  busi¬ 
ness  problems?  How? 

This is where dynamic IT comes
in. Even if author Nicholas Carr is
wrong, it’s clear that the days of
long-lasting market stability and
competitive advantage are over (if
they ever existed at all). Management
priorities are increasingly driven by
the need to respond quickly to fast-moving
market dynamics. A sharp
rise in oil prices. The demise of a key
supplier. An acquisition. A new law
or court decision. A dock strike.
Offshore competitors.

[Figure 1. Growth in U.S. productivity follows growth in IT investment. Axes: % Growth Y/Y (Productivity); % Growth Y/Y (IT Investment). Source: IDC 2004]

Indeed,  the  only  way  to  gain  sus¬ 
tainable  competitive  advantage  is  to 
continually  establish  and  re-establish 
temporary  competitive  advantage. 


That’s  why  companies  as  diverse 
as  3M  and  Best  Buy  are  continually 
searching  for  IT-borne  advantages. 
3M  has  a  “2X/3X  initiative”  intend¬ 
ed  to  double  the  number  of  products 
it  creates  every  year  -  a  task  that 
leans  heavily  on  IT.  Best  Buy  has  a 
“customer-centric  stores  initiative” 
that seeks to tailor store replenishment
to the shopping patterns found
in  individual  stores.  And  why  do  you 
think  Wal-Mart  is  pushing  radio  fre¬ 
quency  identification  (RFID)  so 
heavily?  It’s  all  in  the  quest  to  keep 
store  shelves  stocked  at  all  times. 

But  using  IT  to  support  such  real¬ 
time  adjustments  to  changing  busi¬ 
ness  conditions  is  no  easy  task.  While 
organizations  face  growing  pressure 
to  become  more  dynamic,  IT  has 
historically responded slowly to business
change. In many industries, the
speed  of  business  cycles  outstrips  the 
speed  at  which  IT  can  react. 

Two key goals of replacing the
numerous hard-wired connections
among dedicated IT resources with
many more “virtual” connections
among shared resources are improving
operational efficiency through
resource sharing and reduced redundancy;
and improving the adaptability
of business operations with a layered,
service-oriented IT environment
that allows changes to be made
in individual parts of a business solution
without impacting the rest of
the solution.

Adding  to  the  challenge  of  build¬ 
ing  dynamic  IT  is  business  execu¬ 
tives’  perception  that  IT  costs  are 
too  high  and  IT  asset  utilization  too 
low.  As  a  result  of  this  perception, 
much  of  the  build-out  of  dynamic  IT 
will  have  to  be  self-funded. 

The  path  to  dynamic  IT 

IDC  sees  the  transformation  to 
dynamic  IT  unfolding  on  two  paral¬ 
lel  paths.  First,  there’s  business  strat¬ 
egy  and  execution.  To  respond  faster 
to  changing  business  needs,  dynamic 
IT  needs  to  improve  the  organiza¬ 
tion’s  ability  to  develop  and  integrate 
applications,  data  and  workflow,  as 
well  as  to  monitor  business  perform¬ 
ance  and  speed  operational  adjust¬ 
ment  to  market  changes. 

The second path is IT operations
management and automation.
Dynamic IT needs to deliver on
higher service-level performance and
lower IT infrastructure costs. It must
also link, monitor and manage all IT
operational elements in the enterprise.
The latter imperative includes
automating labor-intensive tasks;
developing end-to-end management
capabilities; reducing hard-wired
inflexibility through virtualization;
and adopting flexible sourcing and
payment options.

[Figure 2. Over 79% of business executives say IT is critical or important. Question: How much of a factor is IT operations performance to your business success? Critically important: 38.5%; Important factor: 41.0%; Minor factor: 16.5%; Not at all a factor: 4.0%. Source: IDC’s LOB Executive Survey, 2004]

The  real  payoff  will  come  when 
the  transformations  down  these  two 
paths  are  intimately  linked.  The  left 
side  of  Figure  3  illustrates  how 
dynamic  IT  delivers  value,  but  the 
right  side  shows  where  the  real  lever¬ 
age  comes  from. 

In  most  enterprises,  the  two 
domains  (business  strategy  execution 
and  IT  operations  and  management) 
have  historically  been  segregated. 

But for a company to become a truly
dynamic enterprise, it’s vital that
these barriers be breached. Business
executives need to understand how
IT can be applied to improve their
operations. IT personnel need to
have a clear view of the entire IT
value chain and how it supports business
processes.

These  may  seem  like  pie-in-the- 
sky  goals,  but  there  is  no  doubt  that 
existing technologies can be
employed  in  an  orchestrated  effort  to 
help  create  this  linkage. 

Hinge  technologies 

What  are  the  critical  building 
blocks  that  organizations  need  to 
create  a  dynamic  IT  capability?  IDC 
has  identified  12  specific  technolo¬ 
gies,  six  for  each  major  component. 

We’ll start with the “business
strategy  automation  and  execution” 
component. 

Business monitoring and analytics:
measuring business performance
to trigger dynamic
change. Think management dashboards,
portals, real-time analytics.
Think store reporting systems that
automatically trigger supplier shipments
of hot selling items.

Business process management
and applications automation:
quickly configuring applications
and workflow to support the business.
Business process-focused solutions
using reusable application logic,
business rules and workflow are the
order of the day - not large, inflexible
packaged applications.

Information and data services:
defining and accessing relevant
information as needed.
Technologies that support integration,
transformation and quality of
information in a time-sensitive manner
are critical. This means advances
in modeling and meta-data management;
better contextual analysis of
data; the combination of structured
and unstructured data; advanced
search and discovery; and federated
data management.

Integration, event and deployment
services: connecting, processing
and managing end-to-end
messages, events, information and
application logic. This technology
supports concurrent, asynchronous
and synchronous message streams
with contextual and state awareness.
Discrete technologies include agents
and brokers; application servers for
service provisioning; and integration
tools that, to take one example, can
help companies gain a single view of
their customers.

Collaboration and communication
services: supporting human
interaction in the business process.
These technologies coordinate
resources for interaction, especially
those enabling workforce productivity
and linking the organization to
the outside world. To date, many of
these technologies have led to applications
that remain isolated from the
automated functions of a business.
That must change.

Access  and  interface  services: 
providing  navigation  and  interac¬ 
tive  experience  inside  and  outside 
the  enterprise.  Given  the  growing 
complexity  and  tremendous  volume 
of  systems  and  sources  in  today’s 
computing  environments,  navigating 
and  accessing  them  in  the  context  of 
role  and  function  has  become 
increasingly  difficult.  Consolidating 
sign-on  and  standardizing  proce¬ 
dures  is  just  a  first  step  in  addressing 
the  user  experience. 

Now  we’ll  note  technologies  sup¬ 
porting  the  “IT  operations  manage¬ 
ment  and  automation”  component. 

Service-level  management  and 
automation:  triggering  deploy¬ 
ment  of  IT  resources.  These 
include  the  emerging  automation  or 
orchestration  engines  that  trigger  the 
provisioning  of  enterprise  systems 
from  virtual  resource  pools. 
Automated  provisioning  is  what 
finally  achieves  “on-demand”  or 
“utility”  IT.  This  requires  the  setting 
of  service  level  agreements  and  set¬ 
ting  priorities  for  different  workloads 
and  services. 

Metering,  measurement  and 
chargeback:  charging  for  IT  use  by 
business  group  or  activity.  This 
area  is  focused  on  leveraging  meter¬ 
ing  metrics  for  usage  measurement 
and billing to departments and customers
that use a shared resource
pool  governed  by  service-level  man¬ 
agement  and  automation. 

Security:  protecting  the  entire 
IT  environment.  Security  runs 
through  all  layers  of  dynamic  IT  and 
ensures  privacy  between  customers 
and  departments  in  a  shared-resource 
environment.  Its  many  facets  include 
authorization,  access,  protection  and 
managing  identity  throughout  and 
beyond  the  enterprise. 

Infrastructure  virtualization: 
creating  efficient  virtual  resource 
pools.  The  partitioning  of  servers  is 
the  most  commonly  used  aspect  of 
virtualization  today;  the  practice 
must  be  extended  and  refined  so  that 
all  enterprise  systems  can  be  allocat¬ 
ed  and  reallocated  to  different  work¬ 
loads  depending  on  service-level 
agreements  and  priorities. 

Infrastructure  provisioning: 
enabling  rapid  and  consistent 
deployment  of  IT  resources  with 
improved  change  control.  Here  are 
the  tools  that  provision  a  platform 
with  operating  systems,  patches, 
applications  and  services  that  allow  it 
to  be  a  resource  for  a  given  work¬ 
load.  Provisioning  tools  may  be 
automated  (and  therefore  controlled) 
by the service level management and
automation  engine;  alternatively, 
they  may  be  more  manual,  in  which 
case  they  may  help  IT  managers 
seeking  to  deploy  patches  or 
upgrades  to  groups  of  servers 
remotely. 

Platform  management  and 
monitoring:  enabling  system  mon¬ 
itoring,  inventory,  alerting,  group 
management  and  capacity  manage¬ 
ment.  These  technologies  contribute 
the  individual  node  and  group  sys¬ 
tems  management  that  lets  IT 
administrators  manage  the  hardware 
and  software  elements  of  storage, 
server  and  network  equipment. 

Making  dynamic  IT  happen 

Merely  knowing  what  technolo¬ 
gies  lead  toward  dynamic  IT  doesn’t 
ensure  their  implementation  will  go 
smoothly.  But  a  number  of  design 
principles  apply. 

For  one  thing,  point  products  or 
solutions  with  little  connection  to 
other  parts  of  the  IT  value  chain  are 
clearly  of  limited  value.  Applications 
that  lack  business  rules  or  service 
level  requirements  as  key  design 
inputs  won’t  make  the  grade.  In 
turn,  service-oriented  architectures 
incorporate  layers  of  abstraction  that 
allow  for  the  rapid  changing  of  IT 
system  behavior  -  which,  in  turn, 
allows  for  rapid  re-architecting  appli¬ 
cations  and  solutions. 

Dynamic  IT  is  also  heavy  on 
modular  design,  the  use  of  standards 
when  possible  and  multiple  levels  of 
virtualization. Dynamic IT simultaneously
increases the number of
logical  connections  among  IT 
resources  and  cuts  (or  masks)  as 
many  physical  interdependencies  as 
possible.  While  virtualization  has 
been  available  within  IT  systems  for 
decades,  its  application  is  spreading 
to  a  much  broader  range  of  hard¬ 
ware  and  software  systems. 

Finally,  dynamic  IT  comes  with  a 
flexible  internal/external  sourcing 
model  and  a  flexible  operating  cost 
model.  One  major  benefit  of 
dynamic  IT  is  the  flexibility  it  brings 
to  internally  source  or  outsource 
various  components  as  business 
conditions  require.  A  flexible  cost 
model  that  supports  usage-based 
pricing  or  on-demand  access  to 
resources  is  also  a  key  ingredient. 

Measuring  the  value 

Naturally,  enterprises  must  rigor¬ 
ously  track  both  the  cost  and  contri¬ 
bution  of  dynamic  IT.  This  can  be 
difficult  to  envision.  How  is  IT  sup¬ 
posed  to  improve  a  business  process? 
Faster  response  time?  Around-the- 
clock  coverage?  Fewer  errors?  How 
will  improvement  be  measured? 

What  did  the  IT  behind  that 
improvement  cost? 

Because  IT  investments  may  sup¬ 
port  multiple  business  processes,  and 
because  a  business  process  improve¬ 
ment  may  come  from  multiple  IT 
investments,  matching  costs  to 
improvement  is  a  challenge. 

We  find  that  getting  the  most  out 
of dynamic IT requires two linked
measurements: 

•  IT  costs  supporting  a  business 
function. 

•  Improvement  in  that  business 
function. 

The  linkage  must  come  from 
detailed  monitoring  on  both  sides. 
This  is  where  the  service  level  archi¬ 
tecture  and  metering  and  monitoring 
technologies  in  dynamic  IT  come  in 
-  dynamic  IT  helps  monitor  and 
report  on  itself  to  enable  optimal  use 
of  IT  resources.  The  same  goes  for 
business  monitoring  and  business 
analytics. 

IDC,  in  its  IT  Value  Metrics  and 
Measurement  research  practice, 
closely  studies  the  way  leading  U.S. 
and  global  companies  justify,  moni¬ 
tor  and  optimize  their  IT  invest¬ 
ments  (see  sidebar)  -  but  let’s  face  it, 
there  are  no  silver  bullets.  The  most 
important requirement is that there
be  some  ongoing  monitoring  of 
improvement  and  costs. 

The  roadmap 

Building  a  dynamic  IT  capability 
is  a  large  and  complex  undertaking. 
Where  should  CIOs  start  the  jour¬ 
ney?  The  answer  will  vary  by  organi¬ 
zation,  but  in  a  recent  IDC  survey 
of  U.S.  business  executives  it  was 
clear  that  the  dynamic  IT  areas  most 
directly  connected  to  enabling  busi¬ 
ness  process  improvement  (flexible 
applications;  integrated  data  and 
information;  and  improved  commu¬ 
nication  and  collaboration)  are  the 
most  urgent. 

On  the  other  hand,  dynamic 
infrastructure  investments,  largely 
invisible  to  business  executives,  are 
considered  lower  priority.  This  is  a 
big  challenge  (and  opportunity)  for 
CIOs,  who  must  connect  the  dots 
between  infrastructure  investments 
and  business  performance. 

For  CIOs  trying  to  develop  and 
prioritize  steps  toward  a  dynamic  IT 
environment,  here  are  some  key 
findings  from  our  research: 

•  Business  executives’  priorities 
will  focus  on  business  processes.  This 
seems  self-evident,  but  IT  execs  must 
remember  that  their  business  coun¬ 
terparts  will  always  see  IT  through 
the  lens  of  their  own  operations. 

•  There  are  mixed  messages 
about  process  visibility.  In  surveys, 
real-time  monitoring  of  business 
ranks  low.  This  may  be  an  anomaly, 
but  it  may  reflect  a  growing  realiza- 
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Computersjor  the  Outside  World 


Panasonic  recommends 
Microsoft®  Windows®  XP 
Professional  for  Business 


With  rugged  desktop  durability  and  starting  at  just 
$2,025,  the  new  Panasonic  Toughbook  51  is  more 
than  a  deal — it’s  a  steal. 

The  Panasonic  Toughbook®  51  desktop  replacement  is  as  solid  as  they  come.  Built 
with  a  magnesium  alloy  case  and  shock-mounted  removable  hard  drive,  it  offers  industry¬ 
leading  reliability.  The  result  is  maximum  uptime  in  and  around  the  office 
and  a  lower  total  cost  of  ownership  for  your  bottom  line.  Best  yet,  it’s  from  Panasonic, 
the  leading  manufacturer  of  rugged  laptops  for  over  fifteen  years.  The  Toughbook  51  — 
so  durable  and  affordable,  you’ll  think  you’re  pulling  a  fast  one  on  us. 


Toughbook  51 


CF-51AB  MODEL 

CF-51GA  MODEL 

CPU 

Intel®  Pentium®  M  Processor  735 

Processor  speed  1 .7GHz 

Intel®  Pentium®  M  Processor  725 

Processor  speed  1 .6GHz 

MEMORY 

512MB  SDRAM,  exp.  to  1 .5GB 

256MB  SDRAM,  exp.  to  1 ,25GB 

STORAGE 

60GB  Hard  Drive 

40GB  Hard  Drive 

DISPLAY 

15"  1600  x  1200  (UXGA) 

TFT  Active  Matrix  Color  LCD 

15"  1024  x  768  (XGA) 

TFT  Active  Matrix  Color  LCD 

MULTIMEDIA  POCKET 

Combo  Drive  (DVD-ROM/CD-RW)  Standard 

Combo  Drive  (DVD-ROM/CD-RW)  Standard 

INTEGRATED  OPTION 

CAC/SmartCard  Reader 

CAC/SmartCard  Reader 

When  purchased  with  a  port  replicator, 
the  Toughbook  51  can  be  used  with  a 
flat  panel  LCD  and  external  keyboard 
and  mouse. 


MOBILE 

TECHNOLOGY 


Panasonic  ideas  for  life 


1.800.662.3537 

panasonic.com/toughbook 
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Accounting  for 
Dynamic  IT  Value 


A  dynamic  IT  organization  is 
always  measuring  and  moni¬ 
toring  itself.  To  help  busi¬ 
nesses  do  so,  IDC’s  IT  Value 
Metric  and  Measurement 
research  practice  recom¬ 
mends  the  following: 

•  Track  IT  consumption  costs 
to  collect  data  for  controlling 
IT  costs  and  showing  IT 
usage  volume/patterns. 
Businesses  should  set 
parameters  through  joint 
efforts  by  business  functions 
(such  as  finance,  engineering 
and  IT);  model  IT  service 
costs  on  key  metrics  that  are 
highly  correlated  cost  driv¬ 
ers;  and  report  cost  data  in  a 
way  that  is  meaningful  to 
constituents. 

•  Track  IT-enabled  business 
process  performance  to  col¬ 
lect  data  for  directing  IT  dol¬ 
lars  to  areas  of  greatest 
impact  and  for  maximizing 
process  performance. 
Companies  should  focus  on 
what  must  happen  in  order 
for  processes  to  be  consid¬ 
ered  successful  (e.g., 
expected  benefits,  impacts, 
outcomes):  identify  key  per¬ 


formance  indicators  with 
quantifiable  markers  of  how 
IT  is  expected  to  impact 
process  performance;  and 
ensure  the  tracking  process 
has  an  internal  logic  that 
takes  into  account  the 
potential  impacts  of  one  part 
of  the  process  on  others. 

•  Use  the  data  from  both  ini¬ 
tiatives  to  more  closely  man¬ 
age  enterprise  activities  to 
strategic  objectives.  For 
example,  enterprises  should 
undertake  interventions  to 
improve  process  perform¬ 
ance  through  adjustments  to 
IT  capabilities  and  services 
or  through  process  adjust¬ 
ments  that  improve  the  way 
people  work  with  technology 
and  conduct  the  process 
itself;  focus  on  net  benefits 
to  the  organization  by  com¬ 
paring  cost  and  usage  data 
to  related  business  process 
performance  data;  and  plan 
for  future  IT-enabled  direc¬ 
tions  more  confidently  on  the 
basis  of  data  that  exposes 
costs  and  usage  patterns, 
process  outcomes,  depend¬ 
encies  and  non-IT  factors 
that  affect  performance. 


tion  that  visibility  into  processes  - 
analytics  and  business  intelligence  - 
can  be  useless  without  the  where¬ 
withal  to  act  on  what’s  learned. 

• Infrastructure improvements are less urgent to line-of-business executives. IT investments and capabilities are less directly visible to business executives, which creates an internal marketing challenge for CIOs.

• Connecting the dots is critical. CIOs must be able to articulate and measure the business impact and value of planned investments.

• Improving IT capabilities trumps lowering IT costs. In our research, three of the four top-rated priorities involved improving IT capabilities (functionality, speed, flexibility); only one involved lowering costs. Business executives are not so skeptical of IT value that they simply want to squeeze down costs. This is valuable equity that IT must conserve through well-managed projects and high-quality service.

With dynamic IT applied to the process of measuring its own impact, companies can get a jump on creating a succession of temporary advantages that, over the long run, equal sustainable competitive advantage.


This  supplement  was  commissioned  by 
IDG.  The  opinions,  analysis  and 
results  presented  herein  are  entirely 
IDC’s,  except  where  otherwise  noted. 

A  license  to  distribute  this  content  does 
not  constitute  an  endorsement  of  IDG 
or  its  advertisers. 
Start-up takes new anti-virus tack


■  BY  JOHN  FONTANA 

Start-up Avinti is putting a virtual server twist on a well-known concept — quashing viruses that use e-mail as their delivery vehicle.

The company this week will unveil its iSolation Server, a virus-blocking technology that uses a virtual server to open e-mail attachments and observe their behavior to judge whether the mail is safe to pass on to the LAN.

Users need not wait for updated anti-virus signatures, such as for last week’s JPEG of Death vulnerability, to catch the newest viruses because the virtual server doesn’t use signatures.

Instead, it executes e-mail attachments to expose unexpected activity or malicious intent such as file system access, self-replication, address book lookup, modifications and access of the system registry or disk access. If any of that activity is detected, the e-mail is dropped.

The iSolation Server sits at the edge of the network and intercepts e-mail coming from any SMTP relay. The virtual server filters out the e-mail with attachments or active hyperlinks and lets all other e-mail pass through to the corporate e-mail server. The filter can be configured to weed out and test only those attachments most likely to carry viruses.

“This is a great first line of defense that is much better than giving everything to your anti-virus software and mail server to choke on,” says David Cassee, director of IT for IntelliTarget, an outsourcer of temporary help for corporate sales departments in Coshocton, Ohio. “This is more flexible than traditional anti-virus software because I can detect a virus before the virus definition is out.”

Cassee and other early adopters say they were initially skeptical but that has faded away along with concerns about latency.

“My biggest concern was that it would disrupt operations but we haven’t had a single bump in the road,” says Darren Massey, a systems integrator working with the Utah branch of the Make-A-Wish Foundation. Massey says another plus is a reduction in help desk calls from users trying to figure out dialog boxes presented by desktop anti-virus software. The software also can buy companies time as patches are tested and rolled out, a process that can take weeks or months.

“If we can block viruses based on what they do instead of using signatures, that is powerful,” Massey says.

“It’s a unique idea and a great complement to anti-virus and spam filters,” says Teney Takahashi, an analyst with Radicati Group. He says performance will be an area of concern for large companies, but if virus attacks continue like they have — with exploits coming nearly at the same time vulnerabilities are discovered — “the need and value of this product will be apparent.”

Avinti officials say iSolation Server can handle 5,000 to 6,000 mailboxes per processor and plan to release a version next year that ties multiple iSolation Servers to one console for large corporate deployments.

The virtual server uses what Avinti calls a black box, a simulated client that has a generic version of Windows 2000, the Microsoft Office suite, WinZip and Adobe Acrobat. Users can modify the black box with other applications for dealing with specific attachment types. Avinti then adds a management layer that can observe behavior within the black box.

The virtual machine technology is based on open source technology.

“We wanted to be a virtual machine management company so we used off-the-shelf plumbing,” says Terry Dickson, CEO of Avinti. “But we have designed this so we can run our virtual machine management technology to run on top of multiple virtual machines, such as those from Microsoft or VMware.”

The iSolation Server prices start at $35 per user for installations with hundreds of mailboxes, and $20 per user for those with thousands of mailboxes. ■

Filtering out rogue behavior

Start-up Avinti is using virtual machine technology as the basis for its anti-virus platform for e-mail.

• E-mail is received via the Internet or any SMTP relay by the iSolation Server, which executes attachments or activates hyperlinks within a virtual machine to test for rogue behavior.

• Mail that does not have any malicious attachments is sent to an e-mail server.

• Mail found to have malicious code is quarantined.

• The e-mail server delivers mail to the intended recipient.


Azul Systems to launch Java appliance


■ BY ROBERT MCMILLAN

A start-up run by the former CEO of Cobalt Networks is readying a multi-core server designed to speed up Java processing in the data center.

Azul Systems, a 2-year-old, 130-person company, expects to begin selling the server in the first half of 2005, the company said. The company’s president and CEO is Stephen DeWitt, who served as vice president and general manager of Sun’s server appliance division after Sun purchased Cobalt (a Linux systems vendor) in 2000. DeWitt left Sun two years after the Cobalt acquisition.

DeWitt’s company has developed a server appliance that works with existing Java 2 Platform Enterprise Edition (J2EE) software without modification to increase processing performance, says Shyam Pillalamarri, co-founder and vice president of software engineering at Azul.

“We have figured out a way to mount compute power remotely,” he says.

Azul wants to emulate the success that Network Appliance had building storage appliances with the Network File System protocol, but Azul’s appliance will support the J2EE standard used by application server software from companies such as IBM, BEA Systems and Oracle, Pillalamarri says.

Azul’s server appliance eventually could be used to speed up .Net applications by supporting Microsoft’s Common Language Runtime, Pillalamarri says. “We could support that in exactly the same fashion,” he says. “That’s not something that we’re targeting right now because most of the market is J2EE.”

To use Azul’s product, customers must install proxy software on their servers, which then offloads J2EE processing on to the Azul server appliance. The Azul server, which has yet to be named, will be based on a custom 24-core processor designed by Azul and manufactured by Taiwan Semiconductor Manufacturing, Pillalamarri says.

The proxy software can be installed on the Windows, Linux, Solaris, HP-UX and AIX operating systems, he says.

Azul has not yet determined the exact configuration of the appliance, but it is considering a size as large as 11U with 16 processors and 256G bytes of memory. Such a system would have 384 processor cores and would be able to run Java applications, split into a large number of discrete tasks called threads, much faster than today’s servers, Pillalamarri says.

The appliance also will run management software called the Compute Pool Manager that will let administrators assign guaranteed levels of processor and memory access to specific applications, he says.

One analyst expressed skepticism over the Azul approach.

“The issue is the overhead — in other words, the time it takes to transfer the code over to the box, crunch it and return it,” says Kevin Krewell, the editor-in-chief of Microprocessor Report.

Although Azul has been secretive about the specifics of its processor and system designs, Krewell says he expects vendors to have more success through integrating Java acceleration into the servers running the J2EE application than through offloading the work to server appliances.

Another initial problem might be server licensing fees. For example, Oracle requires a software license for every processor core that runs its software, meaning that Azul’s 11U system would require the equivalent of 384 single-processor licenses.

Pillalamarri admits that current licensing models present a problem. However, pressure from other hardware vendors, many of which are considering multi-core system designs, and from customers eventually will force software companies to change their licensing policies, he says.

McMillan is a correspondent with the IDG News Service.
F5 appliance extends remote access


■ BY TIM GREENE

F5 Networks is wheeling out new hardware that lets more remote users securely connect simultaneously to corporate networks than past iterations of its product.

Called FirePass 4100, the security appliance supports 1,000 simultaneous users, up from 100 users its current FirePass 1000 supports. FirePass 4100 boxes can be clustered together to support up to 10,000 users at one site.

By comparison, Juniper’s largest appliance, the SA 5000, supports 1,000 users only when three are clustered together. Aventail’s SA 1500 supports 1,000 users in one box, and it is possible to tie only two boxes together.

Supporting a high number of simultaneous sessions is important to Coinstar, a coin-counting kiosk company with 12,000 machines in supermarkets nationwide that need to make connections to corporate headquarters, says Michael Lau, network systems manager for the Bellevue, Wash., company. The kiosks dispense prepaid calling cards and debit cards that require the machine to check authorization with servers at company headquarters, Lau says.

Currently, the coin machines make dial-up connections that are slow and expensive. DSL connections to the Internet in combination with FirePass gear could speed transaction times and reduce the use of expensive direct dial, he says. “We’re looking for a faster way to connect,” he says.

The new FirePass 4100 hardware also supports F5’s TrafficShield application firewall. TrafficShield blocks malicious activity based on policies that define what actions are considered acceptable and unacceptable for each Web application it protects. For instance, a user might be allowed to access a page but be blocked from changing key fields, such as a customer name, to access that customer’s data.

This appliance and software combination is F5’s first TrafficShield product since it bought the technology by acquiring MagniFire. The technology competes most directly with Teros, but features of application firewalls are supported by other vendors, according to Joel Conover, an analyst with Current Analysis. For instance, Check Point’s Web intelligence addresses some of the same types of threats, but also

See F5, page 20


■ Artisoft, a maker of IP PBX software, bought IP PBX hardware vendor Vertical Networks this week for about $19 million. Vertical Networks products include the InstantOffice IP PBX for small businesses and branch offices. Artisoft makes software called TeleVantage, for IP-based call centers. The company plans to integrate its software into the InstantOffice platform, which is deployed in more than 7,000 sites, including CVS Pharmacy, Household International, Aramark and The Boston Globe.

■ Proxim last week rolled out an entry-level wireless LAN access point and management tool. The Orinoco AP-700 brings enterprise-class features, such as security and QoS, to the low end, the company says. The AP-700, successor to Proxim's current AP-600, includes security features such as advanced rogue access point and client detection on the 2.4-GHz and 5-GHz bands. It also adds support for 802.11i, the wireless security standard. The features are available as part of Proxim's Release 2.5, a software upgrade that will be available across the vendor's entire family of Orinoco access points by mid-October. AP-700 will sell for $599. Proxim also introduced the Orinoco Smart Wireless Suite, a trio of management, software distribution and site survey tools from vendor partners Wavelink and Ekahau.


Quovia updates VoIP mgmt. appliances


■ BY PHIL HOCHMUTH

Quovia this week is scheduled to release new versions of its IP PBX management appliances with improved monitoring and remote features it says will help users with 3Com, Cisco, Nortel or NEC IP PBXs run their converged networks more smoothly.

The Quovia 5000 appliance adds management and VoIP network monitoring features not typically supported on IP PBXs. The 5000 and lower-end 3000 are set to launch this week at the Internet Telephony Expo in Los Angeles.

The Quovia 5000 and 3000 appliances follow Quovia’s previous ION appliance for monitoring and managing VoIP networks. The ION lets users perform live backups on IP PBXs without taking down the devices (some products, such as 3Com’s NBX, require the box to be offline for backups). Another use of the ION product is to schedule software upgrades to IP PBX operating systems during off-hours, so phone service is not interrupted. The ION also supports VoIP call quality and traffic monitoring, which lets users receive alerts if IP phone traffic suffers delay or jitter.

The 5000 and 3000 series run the same software with all the same features as the ION, but faster than the previous appliance, Quovia says. The ION is based on Linux running on Intel-based server hardware, Quovia says. But the new appliances use three dedicated network processors for various management tasks, such as traffic monitoring, call quality analysis and network encryption, for securing call management traffic on the box.

The 5000 series includes a 40G-byte hard disk, which can be used to store software patches and operating system updates for an IP PBX. Targeted at networks with more than 10,000 users, the 5000’s storage also can be used to back up IP PBX configuration files and other data. The 3000 series, for smaller networks, performs the same monitoring and management functions as the 5000, but does not include storage for storing backups and software updates.

The 5000, 3000 and ION series boxes connect to a corporate LAN for monitoring IP telephony traffic. If IP voice runs in a specific virtual LAN or subnet, the appliances would be connected to that segment. Software updates and configuration file backups for IP PBXs also are done over a LAN.

The devices include serial port connections, which lets them plug into a port of an IP PBX for off-LAN management. This lets the appliances power down IP PBXs

See Quovia, page 20


Monitoring VoIP

Quovia’s new 5000 series appliance can manage IP telephony networks

• Working with either a 3Com, Cisco, NEC or Nortel IP PBX, the Quovia 5000 can be used to update software patches on IP PBXs and back up an IP PBX’s configuration settings while the device is online.

• The appliance also can monitor VoIP settings, such as jitter, delay and call volume, and alert administrators if the LAN becomes congested or if call latency increases.
Get to know IT issues that could affect the election


Rep. Edward Markey (D-Mass.), when he was chairman of the House Subcommittee on Telecommunications, once announced that there was good news and bad news about the Internet. The good news, he said, was that everyone in Washington supported the Internet. The bad news, though, was that nobody knew what it was.

The same could be said about legislators, administrators and other political animals in Sacramento, Calif.; Austin, Texas; Albany, N.Y.; or any other state capital. Maybe it’s time we did something about it.

There’s an election coming up in the U.S. in a month and, while the national press seems to be fascinated by what the two major presidential candidates did, or didn’t do, 35 years ago, there’s a decided lack of coverage about what’s happening today and what will happen in the near future.

In  the  past  year  we’ve  seen  the  passing 
of  the  national  CAN-SPAM  legislation 
(which  hasn’t  helped  reduce  the  junk  in 
my  in-box),  we’ve  seen  a  California  state 
senator  introduce  a  bill  to  ban  Google’s 
Gmail  service  even  before  it  gets  started 
(www.nwfusion.com,  DocFinder:  4028), 
and  we’ve  seen  lots  of  heat  (but  little 
light)  concerning  taxes  and  Internet 
businesses,  regulation  of  VoIP  and 
expensing  of  stock  options.  But  what 
we’ve  really  seen  is  further  evidence  that 
our  elected  representatives  in  the  state 
capitals  and  in  Washington  have  no 
knowledge  of  technology,  the  Internet  or 
the  businesses  and  services  that  the  two 
make  possible. 

I’m not going to tell you who to vote for. In many cases, I couldn’t help anyway because the candidates are quite mum when it comes to technology issues. So you’ll need to do your own homework, and you’ll need to get out and ask the tough questions.

I doubt that anyone reading this will have the opportunity to question President Bush or John Kerry about his vision for technology or that we’d understand the answer if you could. But in your local elections for state legislator, city council and the like there are numerous opportunities for individual voters — such as you or me — to question the candidates directly and find out where they stand (or if they even understand) the issues that directly affect your job and your future.

It’s  said  that  our  elections  have  become 
the  battleground  of  special  interests.  I 
can’t  think  of  an  interest  more  special  to 
us  than  technology  networks  and  our 
future  with  both.  Talk  to  the  candidates, 
then  be  sure  to  vote. 


Kearns, a former network administrator, is a freelance writer and consultant in Silicon Valley. He can be reached at wired@vquill.com.


Tip of the Week

Late this month I'll be at two different identity management conferences, and I hope to see you at one or the other. Digital ID World in Denver (DocFinder: 4029) and the Mobile ID Services show in San Francisco (DocFinder: 4030). Each will offer interesting programs for you. Check them out!


McData  box  offers  SAN  consolidation 
McData’s 2640 SAN Router offers Fibre Channel and iSCSI storage aggregation features.


■  BY  DENI  CONNOR 

McData last week introduced a Fibre Channel, iSCSI and Gigabit Ethernet storage-area network router for users who are aggregating storage from a number of networks within an organization.

The Eclipse 2640 SAN Router provides interoperability between Fibre Channel SANs, IP networks and iSCSI SANs. The SAN router also can be used to connect regional offices and remote sites with the data center for disaster-recovery purposes or to consolidate branch offices into the corporate data center for management purposes.

The router also can interconnect SAN islands while preserving the fault isolation, security and management of those independent groups. It also can connect servers via iSCSI to Fibre Channel SANs.

“Products like this SAN router are really starting to hit now because customers have a lot of independent SAN islands that have been created,” says Randy Kerns, a senior analyst with Evaluator Group. “People are wanting to get data between all these SAN islands; routing is the way to accomplish this. It’s also a way to connect stranded servers back into the data center.”

The SAN Router is the first product to come out of McData’s acquisition of Nishan Systems in August 2003. The router has 14 Fibre Channel and two Gigabit Ethernet ports. It also sports bandwidth management, rate shaping and flow control capabilities, which let users reduce packet loss.

The Eclipse 2640 competes with Cisco’s MDS 9000 Multilayer Director level switches and with Brocade’s 7420 Router. Unlike those devices, in replication over distances it supports Fibre Channel termination in which Fibre Channel packets are translated to IP packets rather than being tunneled in IP packets.

The Eclipse 2640 is expected to be available in the fourth quarter of this year, starting at less than $100,000. ■


F5's  FirePass  4100  can  be  clustered  to  support  up  to  10,000  users. 


F5 

continued  from  page  19 

provides a firewall and VPN, he says.

“Depending on what you’re trying to defend against, you’ve got a lot of choices. You have to identify the biggest threat and address it,” he says.

F5's appliance has four ports, one for connecting to a WAN, one to a local network, and two for connecting to separate virtual LANs as a way to limit resources that user groups can access. The device also includes a separate chip to perform encryption, which can improve performance three to four times vs. its gear without them, the company says.

F5 also is announcing a new version of its FirePass Controller software that runs its Secure Sockets Layer remote-access gear. The new version adds support for Pocket PC and Solaris operating systems. It also simplifies the user interface for defining user groups and associating them with authorization to access sets of network resources. So it becomes quicker to define resources for the marketing department by giving them access to defined groups of sales and accounting resources rather than identifying each resource that makes up those two groups.

Base price for TrafficShield 4100 is $40,000. FirePass 4100 costs $25,000. Both are available now. ■




and  gives  access  to  the  IP  PBX 
command-line  interface  through 
the  serial  port. 

Quovia  ION  boxes  are  installed 
on  the  network  at  the  Ventura 
County  Unified  School  District  in 
California.  The  school  uses  more 
than  20  3Com  NBX  IP  PBXs  to 
support  more  than  1,200  IP 
phones  in  26  schools,  which  are 
connected  via  a  Gigabit  Ethernet 
metropolitan-area  network. 

“The Quovia [appliances] give us features that just aren’t available on the 3Com” IP PBXs, says Ted Malos, IT director for the school district. Malos uses the Quovia appliances to automatically power his 3Com NBXs on and off for scheduled maintenance.

The  ION  appliance  (and  the 
new  3000  and  5000  series)  also 
have  terminal  server  features. 
This  lets  NBXs  be  plugged  into  a 
serial  port  on  the  Quovia  box 
and  gives  users  remote  access  to 
the  IP  PBX  command  line  via  an 
IP  link. 

Malos says he prefers this method to using telnet or Secure Shell to access the IP PBXs directly over the network because those programs aren’t secure. It also lets him shut off telnet on his NBXs, which closes a potential vulnerability for a network attack on the boxes.

The  Quovia  3000  and  5000 
appliances  will  be  available 
next  quarter.  The  3000  starts  at 
$500,  and  the  5000  costs  about 
$2,000.  ■ 
Winning over skeptics, VoIP support builds


■ BY PHIL HOCHMUTH

While brand-name companies are making news with ambitious convergence plans, other large businesses eyeing convergence say VoIP adoption will be more of a slow march than a sprint.

Industry experts say that IP PBX and phone technology is ready for mass deployment, after years of doubts about the technology’s ability to scale and provide 99.999% uptime — the tenet for system reliability among corporate telecom executives. But just because the gear is ready to go doesn’t mean every company is ready for a telecom rip-and-replace job, analysts and users say.

Last week, Bank of America announced plans to standardize on Cisco IP phones across the entire company with an eventual 180,000 IP phones running worldwide. Last month, Ford and SBC announced plans to install 50,000 IP phones in the carmaker’s U.S. offices and plants. And in July, Boeing said it would install 150,000 IP phones throughout the company worldwide.

Clearly, support for larger IP telephony rollouts is mounting; the number of IP phones planned among just Ford, Boeing and Bank of America represents about one-quarter of all IP phones shipped last year, according to IDC. The research firm says the installed base for enterprise VoIP gear will grow dramatically over the next several years. About 200,000 IP PBXs are installed in organizations now; 1.4 million IP PBXs are expected to be running by 2008. Meanwhile, worldwide IP PBX revenue will more than double from $2.6 billion this year to an anticipated $6 billion over the same time period.

But IDC’s numbers show that the future of business telephone technology is not all VoIP — not even a majority. IP PBX revenue still will account for only two-fifths of all business phone equipment revenue in four years. By 2008, the number of circuit-switched PBX lines installed in businesses and organizations worldwide will still outnumber the amount of installed IP PBX lines by 3 to 1.

This is because swapping out large, entrenched business phone systems — usually consisting of multiple vendors’ products — is very complicated, IT executives say. Also, some users say it is still challenging to prove the bottom-line case for exchanging current PBXs for IP gear.

On  the  bright  side 

The  large  IP  deployment  plans  that  are  coming  out 
now  signal  IP  PBXs  have  finally  overcome  scalability 
and  reliability  issues  that  dogged  the  technology  for 
years. 

“When it comes to just building a phone system, most vendors’ products are good enough [technically] for that,” says Bob Hafner, director of research for Gartner, on recent IP telephony adoption. When VoIP installations go wrong, he says, “it’s not the technology; it’s the implementation — either the end user or supplier or channel didn’t think of something.”

But while the technology is now sound enough for big-time rollouts, besides the Boeings and Bank of Americas and Fords of the world, IP telephony “is not happening as fast as what I had expected,” Hafner says. The holdup is that each company must justify the costs of a convergence project and judge whether the potential productivity enhancements and cost savings outweigh the cost of ripping out working telecom gear.

“Anyone looking at an IP PBX already has working phones on desks,” Hafner says.

Big IP PBX rollouts

Some of the challenges and strategies involved with installing large IP telephony networks include:

Challenges

• Replace entrenched PBX gear and phones, often from multiple vendors.

• Ensure call quality and feature parity on new IP PBXs and phones.

• Justify costs of telephony swap.

Strategies

• Roll out IP telephony gear slowly in phases and regional deployments.

• Upgrade data infrastructure and work with experts with knowledge of voice and data networks.

• Conduct internal ROI studies, evaluating potential cost savings on IP PBX management and equipment, and quantifying possible productivity gains from converged applications.

VoIP:  How  much,  how  soon? 

Most IT professionals say IP telephony is an eventuality. In a survey of 500 IT professionals released last month by the Computing Technology Industry Association, 73% of respondents said they use or plan to use convergence hardware and software over the next 12 months. But plans on how much VoIP will be deployed and when can vary greatly among large organizations.

“Our viewpoint is that we don’t want to deploy any new digital PBXs and handsets anymore,” says Charles Goodall, director of telecommunications for GlaxoSmithKline, the pharmaceutical giant headquartered in the U.K. “Within the next three to four years, our goal is that the majority of our phones will be IP handsets and softphones.”

GlaxoSmithKline has multiple phone systems from Avaya, Nortel, Cisco and Siemens, with various amounts of shelf life left in each respective PBX. This would make an immediate, company-wide change to IP difficult and uneconomical, he says.

“For the most part, you don’t save a lot of money upfront,” Goodall says of installing new IP voice gear. “Let’s face it: [Legacy] digital handsets work. Whether or not you should get rid of them depends on where you are in terms of depreciation and support contracts for those phones,” he adds.

The firm recently took its first steps toward convergence with an all-IP installation at a new 400-employee office in Charlotte, N.C. Every phone in that building is a Siemens IP phone, and the central phone system is a server-based HiPath 4000 IP PBX.

But GlaxoSmithKline will build voice networks on IP on a case-by-case basis over the next several years across the company.

“I would say IP phones are in use in a small percentage throughout the company” and will be for some time, Goodall says. He says the company will take its time choosing which vendors’ equipment to install, with a plan to standardize on a few suppliers for different regions, such as the U.S., Mexico and Europe.

“The most important thing for us right now is to look at regional [VoIP] deployments and make sure we have standardization within various regions,” Goodall says.

Cost  savings  and  efficiency 

Goodall says IP telephony in the long run will provide cost savings and great efficiency for employees, which is why he is excited about the future.

Regarding converged applications that promise better efficiency, “I see a lot of potential value in that for our workforce,” he says. “We have a large percentage of people who are not in the same office every day or who are on the road a lot.”

Nissan North America, like GlaxoSmithKline, closely watches what its large-enterprise peers are doing in VoIP.

“We never think of ourselves as trailblazers,” says Steve Lydston, IS manager for voice and data at Nissan North America. “We want to be like the fifth or sixth [big company] to go down a certain technology path.”

The firm recently installed Siemens IP phones in a limited rollout in its Atlanta office, serving several hundred users with IP phones. These phones were deployed along with digital sets in a hybrid Siemens HiPath system. A malfunctioning cable that connected Cisco LAN switches in a stack caused problems in linking the IP phones to the hybrid Siemens PBX — a problem Lydston hopes to avoid in other offices.

“You would think, listening to what all the manufacturers are saying, that everyone understands how to do this,” Lydston says. Between his staff and IBM Global Services, which Nissan North America is using to outsource VoIP installations, “I can count on one hand the number of people who really understand voice and IP,” he says.

Lydston says he is sending his staff to be trained on convergence technologies alongside the IBM engineers also involved in the company’s VoIP projects.

“When you put it in right and understand it, it becomes really obvious that [IP telephony] will be the way to go,” Lydston says. “But we want to manage the speed at which things happen. We want to make sure people really get it first.” ■

More  online! 

Listen to highlights from Network World columnist Johna Till Johnson's keynote presentation on ways to maximize your VoIP investment.
Fastest Throughput


Were  this  a  fine  German  car, 
you  would  ask  for  a  test  drive 

We  offer  this  simple  chart. 


LINE-RATE  GIGABIT  &  10  GIGABIT  PORT  DENSITY 


You admire precision engineering and seek out maximum performance. You want the best. Presenting the E-Series from Force10 Networks: The first resilient switch/router to deliver 672 line-rate Gigabit Ethernet or 56 line-rate 10 Gigabit Ethernet ports per chassis — more than twice the capacity of our competitors. That's Terabit performance.


Based on Force10's revolutionary TeraScale technology, the E-Series delivers industry-best metrics in density, throughput, resiliency and security. The advanced architecture of the E-Series ensures predictable performance with traffic-variation dampening, provides control plane resiliency to prevent DoS attacks, and supports line-rate, real-time security filters for high performance security.


To test drive the E-Series in your network, contact us at 1-866-600-5100 or visit www.force10networks.com.
To view independent TeraScale test results fr
YOU MAY NOT HAVE TIME TO STUDY THE TCO OF WINDOWS AND LINUX, THE YANKEE GROUP DOES.


"For midsized and large organizations, a significant Linux deployment will neither be free nor easily accomplished. In fact, respondents at large organizations reported that a wholesale switch to Linux from Windows or Unix would significantly increase TCO for the foreseeable future."

-Laura DiDio, The Yankee Group, April 2004
Linux,  Unix,  and  Windows  TCO  Comparison 


The  Yankee  Group,  a  global  research  and  consulting  firm,  concluded 
that  a  significant  switch  to  Linux  from  Windows  or  Unix  could  cost  three 
to  four  times  as  much  without  delivering  tangibly  better  performance  or 
business  value.  These  findings  are  based  on  a  non-sponsored  worldwide 
survey  of  1,000  IT  administrators  and  C-level  executives  in  midsized 
and  large  enterprises. 

To  get  the  full  study,  visit  microsoft.com/getthefacts 


Site: Lessons from leading users

Postal Service delivers single sign-on

[Figure: We deliver. The U.S. Postal Service is using Passlogix’s V-GO SSO application to bring single sign-on capabilities to 150,000 of its users.
1. Postal Server user attempts to sign on to multiple systems after logging onto their desktop with their assigned single log-on credentials.
2. Systems return requests for unique username and password.
3. Passlogix intercepts request and provides to each system the right credentials, which are stored in an encrypted file on the user’s desktop.
Diagram labels: Postal Server user; Mainframe; Line of business application.]


■ BY JOHN FONTANA

The most famous person on the U.S. Postal Service’s payroll — six-time Tour de France champion Lance Armstrong — is known for his singular focus, a trait that appears to be rubbing off on his colleagues who handle the government agency’s IT services.

The focus in IT isn’t on a bicycle race, but on single sign-on (SSO), a way to ease password management for IT staff and end users alike, and help slash by 10% the monthly slog of password reset calls to the help desk.

The USPS’ IT department is enjoying the first fruit of a nearly two-year effort that has resulted in the rollout of SSO capabilities to nearly 150,000 users who access nearly 1,000 applications on the agency’s network.

“We believe single sign-on improves our user experience. It reduces costs and it actually improves security,” says Wayne Grimes, manager of customer care operations for IT at the USPS. Grimes is based in Raleigh, N.C., the hub of the USPS’ distributed infrastructure.

“If you have 15 or 20 identities or passwords for your legacy applications you have to have those written down someplace or stored in a file. It might be a Post-It note on the terminal, or it might be on a piece of paper in someone’s wallet, or it might be in a file on the computer. None of those places are acceptable,” Grimes says. “So SSO and streamlining the number of passwords that users have has absolutely improved our security.”

Grimes says the USPS has a three-pronged attack to meet its goal of having users log on once and not have to enter another user ID or password to gain access to network applications or partner Web sites. He says the ultimate implementation of that goal is SSO, but something he calls single logon, which requires the user to re-enter the same password at each application, is another acceptable implementation.

The USPS’ three-part plan uses V-GO SSO from Passlogix, which provides quick SSO capabilities to end users without having to modify applications; Oblix NetPoint to provide SSO for external users coming onto the USPS network; and a massive multi-year project to modify internally developed business applications for SSO using Kerberos and Microsoft’s Active Directory. To date, the USPS has modified
See Postal Service, page 30


Takes 


■ Encentuate this week unveiled EncentuateTCI, identity-based access control software that includes client- and server-side features to control user authentication and authorization. The IMS Server provides centralized administration that includes deprovisioning capabilities, and logging and reporting on end-user activity. The client-side AccessAgent integrates with access and authentication systems including USB keys, proximity cards and biometric solutions. TCI starts at $80 per user.

■ Identity and data-access vendor Epok this week introduced Trusted Data Exchange 4.0, an identity rights management platform that helps companies control Web services-based data exchanges. TDX 4.0 includes a policy service to control and manage Web Services transactions including the exchange of everything from personnel information to regulated transactions. TDX lets users regulate access to data using policies in the form of digital contracts that govern access, transfer and utilization of data. TDX costs $75,000 per CPU.

■ Oracle finally is bringing to the North American market its Oracle E-Business Suite Special Edition, a package of pre-installed, preconfigured software from its 11i suite of business applications. Oracle has offered the bundle overseas since 2002. Plans to bring it to the U.S. this year were delayed while Oracle recruited sales partners. Oracle will offer financial, inventory, discrete manufacturing, order management, purchasing, telesales, teleservice, field sales and business intelligence applications in the bundle.


Software follows trails left by computer thieves

■ BY ELLEN MESSMER

On rare occasions when employee laptops go missing, Joe Scavetti, chief information security officer at Pension Benefits Guaranty in Washington, D.C., isn’t content to write it off to bad luck. Scavetti doggedly pursues each case, aided by software installed on each of the laptops that lets the devices call home.

The software, ComputraceComplete from Absolute Software, is programmed to “call home” by sending a small number of packets of data each day, either over the Internet or through a dial-up connection, to Absolute Software’s data center. The packets identify the laptop, its IP address and subnet. If a corporation reports the laptop as stolen, Absolute flags it, and the next time the laptop calls in, it’s instructed to call more frequently so that Absolute’s recovery team can track down who has it.

Scavetti, in charge of security at the quasi-federal agency set up in the 1970s to protect private pension plans, has had success hunting down missing laptops with the software. “I have two pending investigations right now with laptops that were stolen in the last few months,” he says.

Earlier this year, the agency suffered the theft of two laptops, one from a hotel in San Diego and the other out of a car in Texas. In both cases, the thieves began using the laptops via a network. This led to clues about where the laptops were physically located, and within a few days the agency had tracked down the suspects with the help of local police and a local ISP. The suspects were brought into custody and are awaiting trial.

“We’re  going  to  prosecute  to  the  full 
See  Thieves,  page  30 


26 NetworkWorld 10/4/04 Enterprise Applications www.nwfusion.com

Security management wares get smarts

Companies add business reporting and compliance management features to software offerings.

Not so simple SIM

Security information management isn’t just about collecting log data anymore. Vendors add more features to help users get more from their security management tools.

Trend: Business views
What's new: Correlation and reporting features that quickly can show what users, branch office or geographic location are affected by a security event.
Sample vendors: Network Intelligence, Open Service

Trend: Compliance policies
What's new: Vulnerability scanning products that can compare the software licenses, device configurations and access privileges against pre-set compliance policies.
Sample vendors: BindView, Lockdown Networks

Trend: Traffic monitoring
What's new: Internal network traffic behavior baselining, which detects anomalies in traffic patterns to reveal existing vulnerabilities and security threats, such as a worm or virus that might have crept past perimeter devices.
Sample vendors: Lumeta, Q1 Labs

■ BY DENISE DUBIE

A slew of security event management vendors are set to offer products that address everything from how security problems affect applications to ensuring network devices comply with internal and regulatory policies.

ArcSight, Network Intelligence and Open Service each will release product upgrades that promise to help enterprise IT managers get a handle on the security events across their networks. SEM products, sometimes referred to as security information management (SIM) tools, automate the collection of log data from security devices and help users make sense of it through a common management console. These tools usually consist of software, servers and agents, or probe appliances, depending on vendor.

Applying  logic 

SIM products use data aggregation and correlation features similar to those of network management software and apply them to logs generated from security devices such as firewalls, proxy servers and intrusion-detection systems (IDS), and from antivirus software. SIM products also can normalize data — translate Cisco and Check Point alerts, for example, into a common format so the data can be correlated.
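
The normalize-then-correlate step described above, as an added example that is not code from the article or from any vendor it names. The three log layouts, the addresses and the 60-second window are constructed for illustration (they are not the real Cisco or Check Point formats), and all timestamps are assumed to be UTC.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: (device type, raw line). The three layouts are
# made up for this example; they are NOT real Cisco or Check Point formats.
SAMPLE_LOGS = [
    ("router",   "2004-10-04 09:15:02 DENY tcp 10.1.4.23:4431 -> 192.0.2.10:445"),
    ("firewall", "time=2004-10-04T09:15:05 action=drop src=10.1.4.23 dst=192.0.2.11 service=445"),
    ("ids",      "1096881308|10.1.4.23|192.0.2.12|worm-propagation-attempt"),
    ("firewall", "time=2004-10-04T09:40:00 action=drop src=10.9.9.9 dst=192.0.2.10 service=25"),
    ("router",   "garbage line that does not parse"),
]

# One pattern per source; each captures the fields the common schema needs.
PARSERS = {
    "router": re.compile(
        r"^(?P<ts>\S+ \S+) (?P<action>DENY|PERMIT) \w+ "
        r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$"),
    "firewall": re.compile(
        r"^time=(?P<ts>\S+) action=(?P<action>\w+) "
        r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) service=\d+$"),
    "ids": re.compile(
        r"^(?P<ts>\d+)\|(?P<src>[\d.]+)\|(?P<dst>[\d.]+)\|(?P<sig>[\w-]+)$"),
}


def normalize(device, line):
    """Translate one raw line into the common schema, or None if unparsable."""
    pattern = PARSERS.get(device)
    match = pattern.match(line) if pattern else None
    if match is None:
        return None
    f = match.groupdict()
    try:
        if device == "router":
            ts = datetime.strptime(f["ts"], "%Y-%m-%d %H:%M:%S")
            event = "blocked" if f["action"] == "DENY" else "allowed"
        elif device == "firewall":
            ts = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%S")
            event = "blocked" if f["action"] in ("drop", "reject") else "allowed"
        else:  # ids: epoch seconds, assumed UTC like the other two sources
            ts = datetime.fromtimestamp(int(f["ts"]), tz=timezone.utc).replace(tzinfo=None)
            event = "alert:" + f["sig"]
    except ValueError:  # field matched the pattern but is not a valid time
        return None
    return {"ts": ts, "device": device, "src": f["src"], "dst": f["dst"], "event": event}


def correlate(events, window=timedelta(seconds=60), min_devices=2):
    """Group events by source address into time clusters and report clusters
    seen by at least `min_devices` different device types as one incident."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    incidents = []
    for src, evs in sorted(by_src.items()):
        evs.sort(key=lambda e: e["ts"])
        clusters, current = [], [evs[0]]
        for ev in evs[1:]:
            if ev["ts"] - current[-1]["ts"] <= window:
                current.append(ev)
            else:
                clusters.append(current)
                current = [ev]
        clusters.append(current)
        for cluster in clusters:
            devices = sorted({e["device"] for e in cluster})
            if len(devices) >= min_devices:
                incidents.append({
                    "src": src,
                    "devices": devices,
                    "targets": sorted({e["dst"] for e in cluster}),
                    "first_seen": cluster[0]["ts"],
                    "last_seen": cluster[-1]["ts"],
                    "event_count": len(cluster),
                })
    return incidents


def run(sample=SAMPLE_LOGS):
    """Normalize every line, keep the rejects for review, correlate the rest."""
    events, rejected = [], []
    for device, line in sample:
        ev = normalize(device, line)
        if ev is None:
            rejected.append((device, line))
        else:
            events.append(ev)
    return correlate(events), rejected


if __name__ == "__main__":
    incidents, rejected = run()
    for inc in incidents:
        print(inc["src"], "seen by", ", ".join(inc["devices"]),
              "against", len(inc["targets"]), "targets in",
              (inc["last_seen"] - inc["first_seen"]).seconds, "s")
    print("unparsed lines kept for review:", len(rejected))
```

Lines that fail to parse are returned rather than dropped, because a source that silently stops normalizing is a blind spot in the correlated view.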

The technology promises to ease the burden of security staff trying to make decisions from raw log data collected off network and security devices across large corporate networks. Vendors are attempting to do more than automate the tedious tasks and provide customers with more information on what security events could mean, how they could affect business applications and when systems could be out of compliance with regulatory standards.

For its part, Network Intelligence this week will announce enVision 2.1, which includes features to correlate security log data to business assets, such as groups of users, geographic locations and server farms, as well as additional storage capabilities to ensure raw security data is saved and backed up according to compliance policies. The company also introduced a GUI to add intelligence to reporting and put security incidents into a business perspective.

When coupled with a vulnerability scan, enVision could quickly show that, say, an office was experiencing a security problem, such as a downed firewall, without having to understand the complexities of firewalls and IDSs.

On  top  of  regulations 

Company executives say compliance modules added to the product could help companies stay on top of regulatory requirements. EnVision 2.1 also can take advantage of an add-on storage array the vendor released last month. The SIM add-on storage array sits behind Network Intelligence’s LS, ES or HA security appliances, and protects and compresses data stored on it. The company’s latest release is priced at $20,000, $80,000 or $200,000, depending on the number of devices managed.

Network Intelligence also added capabilities that let software spot anomalies in security and network traffic, similar to products from Lumeta and Q1 Labs. The traffic-monitoring capabilities would let software alert security staff to problems before they happen.

“For example, instead of asking the user to build rules to look for something specific, the product will look for subtle anomalies on its own, using its knowledge of what is normal based on traffic source, destination, payload and users,” says Matt Stevens, president of Network Intelligence.

OpenService in its Security Threat Manager 3.0 also includes capabilities to correlate security alerts with business users, applications and assets. The latest revision of the product will map threats to pre-defined business assets in near real time, and provide a trend perspective to help security managers determine their most vulnerable spots and start to secure them, for example.

The feature also will point out to security staff at a manufacturing company if a security problem will affect the continual process manufacturing, which is critical to the business and therefore needs immediate attention.

Essentially, OpenService says it’s trying to add more intelligence to its alerting and correlation engine. In the past, the product would collect alerts and filter out redundancies, and now the company says Security Threat Manager can help IT staff prioritize responses to incidents based on pre-defined business policies. The vendor also added platform support to include Linux.

“We needed a tool that could identify and extract all relevant data from our firewalls, IDSs, routers, switches and so on,” says Adam Hansen, manager of information security for the law firm Sonnenschein, Rosenthal & Nath in Chicago. “We wanted to see our security events related to the network and vice versa.”

Hansen uses Security Threat Manager (a beta version of 3.0 is currently in the firm’s labs), but the business intelligence feature isn’t as much of interest to him as the product’s ability to say “Hey dummy, look at this. This is where the problem is,” he says.

For Hansen, four full-time staffers and one consultant weren’t enough to keep up with the logs on more than 100 managed devices. He couldn’t hire anyone, so he purchased a new product that he says reduces manual work and does some of the thinking for him.

“It prevents us from having to figure out that a bunch of events from different devices are all caused by one thing,” he says.

Yet the product isn’t plug and play. He says he took the time to get the agents pushed out to managed devices and runs regular checks to ensure it’s tuned to his network. He also worked with the vendor to get more open source and vendor-specific information, such as Check Point firewall metrics or Cisco switch data, into the product.

Entry-level pricing for Security Threat Manager is $50,000, with the average implementation costing about $100,000. Price depends on the number of devices and data collection points monitored.

Security  storage 

Separately, ArcSight last week introduced a software product the vendor says will help customers store and retrieve security data.

ArcSight SmartStorage uses the partitioning available in enterprise database systems such as Oracle and provides a customized algorithm for information that is no longer needed in real time. When a partition reaches the end of its real-time life, it is automatically compressed and stored on the same physical volume, but in a much smaller state. If that partition is needed for investigation, audit or reporting, it can be recalled via the console and reintroduced to the live data set. When the partition is no longer needed, it can be sent back to the compressed archive.

ArcSight SmartStorage is part of the basic ArcSight 3.0 Security Information Management software system. It is not priced separately. Overall ArcSight pricing starts at $50,000 and can go up to $200,000. ■
Is part of the future of VoIP open?

In February, California Gov. Arnold Schwarzenegger ordered “a focused examination and assessment of California state government.” The $10 million review, conducted by about 275 state employees and released in early August, calls for about a bizillion changes to the way that state’s government is run.

The 2,500-page report says California would save billions of dollars per year if all the suggestions were implemented. Recommendations include using more open source software and replacing the state phone system with a VoIP one. Maybe California can do both.

The report (www.report.cpr.ca.gov/) recommends switching to open source because of a “much lower total cost of ownership”; improved security “due to the extreme scrutiny of the source code before being deployed”; support for multiple environments (that is, not just Microsoft); and lower maintenance costs; and because it is “often less vulnerable to viruses.” I expect Microsoft disagrees with much of this, but if anyone can stand up to “The Bill” it’s “The Govenator.”

The report recommends switching to VoIP for both cost and function reasons. The report estimates that switching could cut $10 to $40 off the average $80 per month that the state pays for a phone line. Considering how many phone lines California pays for, even converting half the phones to VoIP could save as much as $6.3 million per month.

If that level of savings could be realized, then the $6.5 million conversion cost would be covered in less than two months. Even the report’s most pessimistic numbers would have the break-even point within five months. The report does not talk about open source with VoIP, but lots of other people are these days.

A quick Google search comes up with about 456,000 hits for ‘“open source’ + voip.” Some of the more prominent include: SIPFoundry (www.sipfoundry.org), to which Pingtel donated its software; Asterisk (www.asterisk.org), which announced its 1.0.0 release at the end of September; and the Vovida Open Communication Application Library (www.vovida.org), which has been around since 2002.

Google also turned up some sites that list available VoIP software including VOIP-info (www.voip-info.org), whose Web site includes a section on open source software (see www.nwfusion.com, DocFinder: 4027). Most open source VoIP software supports the IETF’s Session Initiation Protocol and some also supports the older ITU-T H.323 specification. Open source VoIP software exists for phones, proxies, gateways and even for billing (www.trabas.com/opensource/).
Somehow the concept of open source
700 applications.

“There is no single technology solution to solve single sign-on. If there was, the whole world would be clamoring for it,” Grimes says.

But the USPS uses Passlogix as the baseline for its SSO strategy and to bridge the gap while it modifies some applications for native SSO, Grimes says.

V-GO SSO works from a user’s desktop by keeping an encrypted file of access credentials for every application available to that user. V-GO SSO is first activated when a user logs on to an application. The software asks the user if he wants V-GO to manage access to that application. If the user agrees, the password is stored in the V-GO file.

Next time the user logs on to that application, V-GO intercepts the application’s logon request, grabs the appropriate credentials from its profile store and presents them to the application. The only password users need is their desktop logon.

“Ideally from a central management standpoint, we don’t have to put pre-defined user definitions out on these 1,000 applications,” Grimes says. “That would almost be like a Y2K effort to go out and identify all those applications.”

Grimes says there are other benefits, including a Passlogix logging feature that details who accesses applications and how often, data that helps determine if applications are still of value, especially mainframe applications.

“If you have a ROI for applications and you are getting ready to enhance that application and you find you only have 10 users and it will cost you $300,000 to upgrade, well we now have more information on whether it would be better to retire that application,” he says.

Driven  by  help  desk  calls,  password 
reset  requests  and  user  satisfaction, 
the  USPS  began  evaluating  V-GO 
nearly  two  years  ago  as  part  of  an 
upgrade  of  130,000  desktops  from 
Windows  95  and  a  Novell  back  end  to 
Windows  XP  and  Active  Directory. 

Grimes  says  the  eventual  rollout  of 
V-GO,  which  concluded  in  August, 
included  schema  changes  made  to 
Active  Directory  to  implement  V-GO, 
and  the  creation  of  templates  to  help 
V-GO  deal  with  unique  logon  require¬ 
ments  of  Java  and  mainframe  applica¬ 
tions.  Grimes  also  has  V-GO  password 
files  replicated  to  Active  Directory  so 
users  can  roam  to  different  machines 
and  retain  their  SSO  capabilities. 

Grimes  said  it  took  only  one  full-time 
and  one  part-time  administrator  for  the 


first  few  months  of  the  V-GO  deploy¬ 
ment,  but  once  the  rollout  got  going  the 
only  tasks  were  developing  V-GO  tem¬ 
plates  and  testing,  which  did  not  require 
a  full-time  dedicated  employee.  He 
would  not  reveal  what  the  USPS  spent 
on  the  implementation. 

Now  the  USPS  is  working  on  SSO  syn¬ 
chronization  between  Active  Directory 
and  a  mainframe  security  platform 
from  Computer  Associates  called 
ACF2,  which  contains  user  accounts 
and  passwords. 

“It  will  take  us  years  to  convert  our 
applications,  but  our  strategy  is  that  we 
are  not  going  to  convert  them  just  for 
SSO,”  Grimes  says. 

“The  next  time  we  have  a  mainte¬ 
nance,  update  or  enhancement  for 
those  applications,  then  we  will  imple¬ 
ment  the  SSO  enhancements,”  he  says. 
“Passlogix  bridges  that  gap  and  will 
probably be here forever. Can you
imagine how long it will take to go into
each  one  of  those  applications  and 
modify  the  code?" 

Grimes  can,  and  his  current  SSO 
implementation  buys  him  time  to 
cycle  through  the  steps  needed  to 
complete  the  enormous  task.  ■ 
billing seems a bit funny. But because a lot
of  VoIP  will  have  to  be  connected  to  the 
paying-world  regular  phone  system,  I 
guess  billing  can  be  useful. 

The  Apache  Web  server  and  Linux  have 
both  proved  that  open  source  can  be 
quite  successful  within  big  companies.  It 
will  be  interesting  to  see  if  California  and 
other  VoIP  users  embrace  the  Apache/ 
Linux  example  or  would  rather  the  tradi¬ 
tional  phone  system  vendor  picture  paint¬ 
ed  by  Nortel,  Lucent,  Avaya  and  others, 
maybe  even  by  Microsoft. 

Call  me  radical, but  I’m  far  from  sure  that 
these  old  masters,  to  borrow  a  concept, 
will  paint  the  best  pictures. 

Disclaimer:  Harvard  has  museums  full  of 
old  masters,  as  well  as  a  lot  of  other  things, 
and  buildings  full  of  not  so  old  folks,  many 
of  whom  will  be  seen  as  masters  some 
day.  But  the  above  muse  is  my  own. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 
extent of the law,” Scavetti says, and adds
that  laptop  theft  warrants  a  tough  response 
if  only  because  data  stored  on  laptops 
might  contain  sensitive  personal  and  busi¬ 
ness  information  about  individual  pension 
plans. “Use of that data could lead to
identity theft, too,” he says.

A  few  weeks  ago,  Absolute  celebrated  its 
1,000th  recovery  of  stolen  or  otherwise 
missing  computers  for  customers  in  the 
corporate, government and academic
arenas since 1996. It makes a version of
CompuTrace  for  the  Macintosh  and  Win¬ 
dows.  “We  have  a  90%  recovery  rate,”  says 
Ben  Haidri,  Absolute’s  vice  president  of 
marketing. 

Absolute’s  recovery  team  includes  for¬ 
mer  law  enforcement  officers  familiar  with 
the  procedures  associated  with  subpoenas 
that  are  needed  to  obtain  information 
from  ISPs  about  network  accounts.  “We 
usually  get  a  name  and  the  physical 
address,”  Haidri  says. 

He  says  many  ISPs  are  starting  to  charge 
for that information because they’re inundated
with requests. The fee typically is $25
to  $50  to  run  the  report,  and  if  you  ask 
them  to  then  start  preserving  data  associ¬ 
ated  with  that  account,  they  might  charge 
an  extra  $100  to  $200,  Haidri  says. 

Absolute’s  software,  sold  as  a  service, 
costs about $129 for three years’ protection
for one PC. This includes an offer of a
$1,000  guarantee  if  a  stolen  laptop  isn’t 
found  within  60  days.  Rates  based  on 
shorter  or  longer  terms  are  also  available. 
A  few  weeks  ago,  Absolute  began  offering 
its  asset-tracking  service. 

Absolute’s  service  competes  with  offer¬ 
ings  from  CyberAngel  Security  Solutions, 
Stealth  Signal,  ZeaSoft  and  zTrace 
Technologies.  ■ 
■ Last week Leucadia National

filed  a  report  with  the  Securities  and 
Exchange  Commission  saying  it  has 
sold  all  its  shares  of  MCI  stock.  Leu¬ 
cadia  owned  about  5%  of  MCI  and 
sold  its  share  for  a  pre-tax  profit  of 
about  $20  million.  The  document  says 
this  sale  "should  not  be  interpreted  to 
mean  that  [Leucadia]  is  no  longer 
interested  in  acquiring  control  of  MCI, 
but  no  assurance  can  be  given  that 
[it]  will  acquire  control  of  MCI."  The 
company  made  headlines  in  July  when 
it  filed  for  permission  with  the  SEC  to 
buy at least 50% of MCI's shares.

Since  then  there  hasn't  been  much 
public  action  on  either  side  regarding 
a  potential  deal.  But  last  week  it  was 
revealed  that  MCI  hired  three  invest¬ 
ment  bankers  to  help  the  carrier  sort 
through  potential  offers. 

■  Qwest  last  week  said  it  has  expand¬ 
ed  its  business  VoIP  service  to  10 

additional  markets.  Qwest's  OneFlex 
service  is  now  available  in  Albuquer¬ 
que,  N.M.;  Billings,  Mont.;  Bismarck, 
N.D.;  Casper,  Wyo.;  Des  Moines,  Iowa; 
Omaha,  Neb.;  Portland,  Ore.;  Salt 
Lake  City;  Seattle;  and  Sioux  Falls, 
S.D. The service began in June in
Boise,  Idaho;  Denver;  Minneapolis; 
and  Phoenix.  Qwest  plans  to  add  12 
additional  markets  by  year-end. 

■  According  to  Nucleus  Research, 
fewer  than  20%  of  large  companies 
use  instant  messaging  throughout 
their  organizations.  The  study  says 
that  “negative  publicity  surrounding 
instant  messaging"  is  one  of  the  rea¬ 
sons  it  has  not  been  more  widely  de¬ 
ployed.  The  study  says  that  many  still 
view  IM  as  "a  toy  that  takes  time 
away  from  employees’  productive 
hours,  instead  of  a  tool  that  can  help 
them  communicate  more  efficiently.” 
Of  the  companies  that  have  deployed 
IM,  the  average  usage  time  was  15.3 
minutes  per  day,  per  user,  although 
Nucleus  says  that  times  varied  widely 
among  respondents.  Although  some 
said  they  used  IM  for  non-work  relat¬ 
ed  communications,  Nucleus  says 
eight  out  of  nine  respondents  said 
they  only  use  it  for  business. 


Upstart firm touts remote DSLAM

■ PROFILE: CRITICAL TELECOM

Location: Ottawa
Founded: 1987
Management: Oliver Cruder, president and CEO; Mark Labbe, CTO; Nancy Macartney, vice president, operations.
Employees: 40
Products: Gemini Ethernet remote DSLAM, a broadband access platform for IPTV, FTTX and multimedia applications.
Customers: Telus, other carriers in North America and Europe.
Fast fact: Company initially was called Critical Control, a contract engineering services firm. It changed its name in 2000 when its focus shifted exclusively to telecom.

■  BY  JIM  DUFFY 

A  privately  held  Canadian  company  is 
attempting  to  head  off  more-established 
players  in  bringing  next-generation  broad¬ 
band  capabilities  to  North  American  carri¬ 
ers  and  their  customers. 

Critical  Telecom,  a  40-employee  firm  in 
Ottawa,  this  week  will  unveil  an  Ethernet 
remote  DSL  access  multiplexer  (DSLAM) 
designed  to  integrate  fiber  and  copper  any¬ 
where  in  an  access  network.  The  compa¬ 
ny’s  Gemini  remote  DSLAM  is  intended  to 
address  carrier  requirements  for  equip¬ 
ment  to  support  the  provisioning  of  bun¬ 
dled  multimedia  services  that  have  differ¬ 
ent  transport  characteristics  and  can  be 
dynamically  requested  or  altered. 

Such  services  will  result  from  projects 
such  as  SBC’s  Fiber-to-the-Node  (FTTN) 
buildout,  in  which  fiber  will  be  extended 
farther  out  to  businesses  or  consumers  for 


■  BY  DENISE  PAPPALARDO 

According  to  a  recent  study  from  Insight 
Research,  private  line  revenue  will  dip  4% 
this  year  to  $33.9  billion  from  $35.5  billion 
in  2003  —  despite  increased  usage. 

This  year  there  is  predicted  to  be  about 
20,000  more  T-l  circuits  deployed  than  in 
2003,  and  7,500  more  T-3  circuits,  says 
Robert Rosenberg, president at the consulting
firm. This same trend is true with private
line services all the way up to OC-192.

The  increase  in  lines  deployed  is  not 
translating  to  higher  carrier  revenue  for 
three  main  reasons,  he  says. 

Competitive  pricing  that  still  hasn’t 
reached  rock  bottom  is  the  main  reason. 
“It’s the same beast that’s stalking all of telecom.
... There are too many carriers, some
of  which  are  taking  customers  at  any 
price,”  Rosenberg  says.  Pricing  pressure  is 
most  pronounced  with  long-distance  carri¬ 
ers  such  as  AT&T,  MCI  and  Sprint,  he  says. 

Users  also  are  opting  for  more  cost-effec¬ 
tive  services  such  as  buying  wavelengths, 
he  says.  This  is  especially  true  for  carriers 
and  very  large  corporations  that  are  choos¬ 
ing  optical  wavelength  services  vs.  dedicat¬ 
ed  private  lines.  There  is  so  much  capacity 


delivery  of  IP  TV  services,  which  will  posi¬ 
tion  DSLAMs  more  remotely  from  a  carrier’s 
central  office  and  closer  to  subscribers. 
Gemini  features  an  integrated,  two-port 


Private  line  dip 

A  4%  decline  in  service  revenue 
is  seen  for  2004. 
deployed that fiber strands are not as
expensive  as  they  once  were,  he  says. 

The  third  reason  private  line  service  rev¬ 
enue  is  taking  a  hit  is  because  more  users 
are  opting  for  Gigabit  Ethernet,  he  says. 
“Gigabit  Ethernet  is  still  a  nascent  market,” 
Rosenberg  says.  But  it’s  an  alternative  that 
was  not  widely  available  five  years  ago.  ■ 


Gigabit  Ethernet  Layer  2  switch  for  sub¬ 
tending  or  backhaul,  IP  transport  and  sup¬ 
port  for  24  to  192  ADSL2+  non-blocking 
ports. 

Gemini  also  features  a  so-called  virtual¬ 
ization  architecture  that  lets  service  pro¬ 
viders  map  users,  features  and  services  to¬ 
gether  despite  logical  and  physical 
changes  to  a  network,  such  as  outside  plant 
topology  and  wiring,  regulatory  policy  and 
services. 

The  device  can  be  line-powered,  mean¬ 
ing  it  does  not  require  any  additional 
power  source. 

Gemini  is  deployed  at  Canadian  carrier 
Telus,  the  seventh-largest  telco  in  North 
America.  Sixty-six  percent  of  Telus’  Internet 
access  subscribers  are  high-speed,  so  the 
carrier  has  invested  $1  billion  to  expand  its 
asymmetric  DSL  (ADSL)  network  to  every 
home  and  workplace  in  38  communities  in 
Alberta  and  British  Columbia. 

Critical Telecom secured the contract 18
months  ago  for  a  next-generation  remote 
Ethernet  DSLAM  to  support  Telus’  extend¬ 
ed-reach  ADSL  requirement. 

Challenges  ahead 

Still,  it  might  be  tough  for  Critical  Tele¬ 
com  to  land  another  contract  of  that  sig¬ 
nificance  in  North  America  because  large 
carriers  usually  award  equipment  con¬ 
tracts  to  large,  established  and  deep-pock¬ 
eted  vendors. 

SBC,  for  instance,  has  reportedly  handed 
its  FTTN  integration  work  to  Alcatel  and 
Lucent;  and  Adtran  is  a  well-entrenched 
incumbent  supplier  of  remote  digital  loop 
carriers  and  DSLAMs  to  SBC  and  other 
RBOCs. 

“Adtran’s  been  making  equipment  that 

See  Critical  Telecom,  page  S4 


Private  line  usage  up, 
but  revenue  is  falling 
A few things to know before presence really takes off


Cisco’s  recent  move  to  acquire 
Dynamicsoft  highlights  the  emerg¬ 
ing  importance  of  presence.  In  addi¬ 
tion  to  softswitch  capabilities,  Cisco 
reportedly  was  interested  in  Dynamic- 
soft’s  presence  engine,  which  integrates 
multiple  sources  of  presence  (mobile/ 
GSM,  Session  Initiation  Protocol,  Simple 
Object  Access  Protocol,  calendaring  and 
others)  to  let  service  providers  offer  pres¬ 
ence-based  solutions. 

A  few  leading-edge  companies  are  talk¬ 
ing  about  the  concept  of  a  presence  aggre¬ 
gator  or  presence  clearinghouse:  a  single 
entity  that  will  capture  multiple  sources  of 
presence  information,  including  geogra¬ 
phy  (GPS,  GSM),  availability  and  context 
(who’s  logged  on  to  or  using  particular 
applications). 

A  handful  of  enterprise  organizations 
have  embraced  presence  and  are  docu¬ 
menting  clear  business  benefits.  Over  the 
next  12  months,  these  early  adopters  will 
seek  to  expand  that  value  by  extending 
presence  to  select  outsiders,  and  embed¬ 
ding  it  within  more  applications  and 
devices.  As  that  happens,  the  market  for 
presence  aggregators  will  heat  up. 

I’ve  defined  presence  in  some  of  my  ear¬ 
lier  columns,  but  here  are  the  more  com¬ 
mon  questions  I’m  asked: 

Isn’t  presence  the  same  thing  as  instant 
messaging? 

No.  IM  uses  presence  data,  but  pres¬ 
ence  is  a  broader  concept  than  IM.  It’s  a 
little  like  equating  your  BlackBerry  with 
e-mail.  The  BlackBerry’s  merely  the 
reader;  e-mail  includes  the  client  soft¬ 
ware,  the  server  and  a  common  commu¬ 
nications  protocol. 

But  I  don’t  want  the  entire  world  know¬ 
ing  where  I  am  and  what  I’m  doing  every 
minute  of  every  day.  Isn’t  that  an  invasion 
of  privacy? 

Not  if  it’s  managed  effectively.  A  sales¬ 
person  might  elect  to  be  as  available  as 
possible  to  his  key  clients,  while  an  engi¬ 
neer  might  list  herself  as  “unavailable”  to 
everyone  but  her  programming  team  — 
and  communicate  with  them  only  via  IM 
or  e-mail. 

Does  presence  primarily  apply  to  large  IT 
organizations?  Where  does  the  concept  of 
a  presence  carrier  come  in? 

Interestingly  the  very  concept  of  pres¬ 
ence  was  pioneered  by  Bell  Labs  re¬ 


searchers  who  had  the  key  insight  that  true 
communications  wasn’t  about  locating 
somebody’s  phone,  it  was  about  locating 
them. AOL is one of the early promoters of
presence  clearinghouses. 

What  about  Microsoft?  Doesn’t  it  already 
own  the  presence  applications  market? 

Microsoft  is  certainly  making  a  con¬ 
certed  push  toward  presence  with  its  Live 
Communications  Server.  But  companies 
investing  heavily  in  presence  applications 
range  from  well-capitalized  heavy  hitters 
(IBM,  Oracle,  Cisco,  Nortel,  Avaya)  to  ag¬ 
gressive  start-ups  (Facetime,  IMlogic, 
Akonix,  Parlano) .  It’s  far  too  early  to  crown 
Microsoft  the  undisputed  ruler. 

The  concept  of  presence  is  still  futuris¬ 
tic,  and  the  notion  of  presence  aggrega¬ 
tors  or  clearinghouses  is  still  at  least  three 
to  five  years  off.  But  a  good  example  for 
how  presence  information  is  likely  to 
evolve  is  the  development  of  the  con¬ 
verged  cell  phone/e-mail-reader/PDA.  Five 
years  ago,  cell  phones  and  PDAs  were  dif¬ 
ferent  devices  entirely,  and  reading  e-mail 
required  a  PC  or  terminal.  Now  67%  of  IT 
participants  in  a  recent  Nemertes  bench¬ 
mark  say  their  users  rely  on  mobile 
devices  to  read  e-mail  —  and  a  whopping 
22%  of  users  rely  on  cell  phones. 

Watch  for  similar  convergence  in  the 
presence  arena. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Critical  Telecom 

continued  from  page  33 

the  telephone  companies  know  and 
trust  for  decades,”  says  Jim  Lawrence,  an 
analyst  at  Stratecast  Partners.  Critical 
Telecom’s  “importance  is  more  from 
influencing  product  design  and  poten¬ 
tially  carrier  architectures.  They’ve  got  a 
smart  little  product,  and  it  doesn’t  hurt  at 
all  to  have  a  real-world  deployment.” 

Alcatel,  which  is  also  an  SBC  incumbent 
vendor,  announced  its  own  IP  DSLAM 
two  weeks  ago.  Lucent  is  expected  to 
partner  with  Pedestal  for  the  remote 
DSLAM/DLC  requirement  at  SBC. 

But  Critical  Telecom’s  Gemini  might 
give  carriers  pause,  Lawrence  says.  Car¬ 
riers  might  try  to  push  their  own  vendors 
into  developing  a  similar  product  or  into 
acquiring the smaller company.

“As  far  as  having  demonstrated  a  new 
product  architecture  in  this  market  — 
and  also  against  a  somewhat  new  DSL 
deployment  architecture  —  they  are 
coming  into  a  space  where  they  have  a 
product  optimized  for  something  that 
few  other  vendors  have,”  Lawrence  says. 

Pricing  for  Gemini  was  not  disclosed.  ■ 
LLDP helps troubleshoot, map and more


HOW  IT  WORKS 


LLDP 

The  IEEE  802.1AB  Link  Layer  Discovery  Protocol  defines 
a  standard  way  for  Ethernet  devices  to  advertise 
information  about  themselves  to  their  network 
neighbors  and  store  information  they  discover  from 
other  devices. 


©  The  devices  store  the  information  they  learn  about  each  other  in  local  MIB  databases 
accessible  via  SNMP. 

©  A  network  management  system  retrieves  the  data  stored  by  each  device  and  builds  a 
network  topology  map. 


■  BY  ANJA  ALLEN  AND  DAVID  FRATTURA 

The  soon-to-be-ratified  IEEE  standard, 
802.1AB Link Layer Discovery Protocol,
promises  to  simplify  troubleshooting  of 
enterprise  networks  and  enhance  the  abil¬ 
ity  of  network  management  tools  to  dis¬ 
cover  and  maintain  accurate  network 
topologies  in  multi-vendor  environments. 
The  protocol  is  expected  to  become  an 
official  standard  next  month. 

LLDP  is  a  neighbor  discovery  protocol.  It 
defines  a  standard  method  for  Ethernet 
network  devices  such  as  switches,  routers 
and  wireless  LAN  access  points  to  adver¬ 
tise  information  about  themselves  to  other 
nodes  on  the  network  and  store  the  infor¬ 
mation  they  discover.  Details  such  as 
device  configuration,  device  capabilities 
and  device  identification  can  be  adver¬ 
tised  using  this  protocol. 

In  particular,  LLDP  defines  a  set  of  com¬ 
mon  advertisement  messages,  a  protocol 
for  transmitting  the  advertisements  and  a 
method  for  storing  the  information  con¬ 
tained  in  received  advertisements. 

Multiple  advertisement  messages  are 
transmitted  in  one  LAN  packet  by  the  adver¬ 
tising  device  in  the  form  of  a  type  length 
value  (TLV)  field. 

All  LLDP-capable  devices  must  support 
device  chassis  ID  and  port  ID  advertise¬ 
ments,  but  it  is  expected  that  most  imple¬ 
mentations  also  will  support  system  name, 
system  description  and  system  capabilities 
advertisements.  System  name  and  system 
description  advertisements  provide  useful 
information  for  collecting  network  inven¬ 
tory  data.  System  description  advertise¬ 
ment  can  contain  data  such  as  the  adver¬ 
tising  device’s  full  name  and  the  version 
identification  of  the  system’s  hardware  type 


and  software  operating  system. 

LLDP  information  is  transmitted  periodi¬ 
cally  and  stored  for  a  finite  period.  IEEE  has 
defined  a  recommended  transmission  rate 
of  30  seconds,  but  the  transmission  rate  is 
adjustable.  LLDP  devices,  after  receiving  an 
LLDP  message  from  a  neighboring  net¬ 
work  device,  will  store  the  LLDP  informa¬ 
tion  in  an  IEEE-defined  Simple  Network 
Management  Protocol  (SNMP) 
Management  Information  Base  (MIB). 
LLDP  information  is  stored  in  the  SNMP 
MIB  and  is  valid  for  a  period  of  time 


defined  by  the  LLDP  “Time  to  Live”  (TTL) 
value  that  is  contained  within  the  received 
packet.  IEEE  recommends  a  TTL  value  of 
120 seconds, but it can be set to a maximum
value of 65,000 seconds or a minimum
value  of  0  seconds.  Every  time  a  device 
receives  an  LLDP  advertisement  packet,  it 
will  store  the  information  within  it  and  ini¬ 
tialize  a  timer  that  will  be  compared  to  the 
TTL  value.  If  the  timer  reaches  the  TTL 
value,  the  LLDP  device  will  delete  the 
stored  information.  This  ensures  that  only 
valid  LLDP  information  is  stored  in  the  net¬ 


work  devices  and  is  available  to  network 
management  systems. 
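The TLV packing and TTL aging described above, as an added example in Python (not code from the article or from any vendor). The 7-bit type / 9-bit length header and the type codes are taken from IEEE 802.1AB rather than from the article; the frame bytes, the device name and the helper names NeighborTable and clean_text are constructed for illustration.

```python
import struct

# TLV type codes from IEEE 802.1AB (assumed here; the article does not list them).
END, CHASSIS_ID, PORT_ID, TTL, SYS_NAME, SYS_DESC = 0, 1, 2, 3, 5, 6
MANDATORY = [CHASSIS_ID, PORT_ID, TTL]


def build_tlv(tlv_type, value):
    """Pack one TLV: a 7-bit type and a 9-bit length share a 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(payload):
    """Split one LLDPDU into {type: value}; raise ValueError if malformed."""
    tlvs, order, offset = {}, [], 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == END:
            break
        # Never trust the advertised length: it must fit in what was received.
        if offset + length > len(payload):
            raise ValueError("TLV length runs past end of packet")
        order.append(tlv_type)
        tlvs.setdefault(tlv_type, payload[offset:offset + length])
        offset += length
    if order[:3] != MANDATORY:
        raise ValueError("chassis ID, port ID and TTL must come first")
    if len(tlvs[CHASSIS_ID]) < 2 or len(tlvs[PORT_ID]) < 2:
        raise ValueError("ID TLVs need a subtype byte and a value")
    if len(tlvs[TTL]) != 2:
        raise ValueError("TTL must be a 16-bit value")
    return tlvs


def clean_text(raw, limit=255):
    """Advertised strings are unauthenticated input: bound and sanitize them."""
    text = raw[:limit].decode("utf-8", "replace")
    return "".join(ch if ch.isprintable() else "?" for ch in text)


class NeighborTable:
    """Stores what neighbors advertise and ages it out by the received TTL."""

    def __init__(self):
        self._entries = {}  # (chassis ID, port ID) -> (info, expiry time)

    def receive(self, payload, now):
        tlvs = parse_lldpdu(payload)
        key = (tlvs[CHASSIS_ID], tlvs[PORT_ID])
        (ttl,) = struct.unpack("!H", tlvs[TTL])
        if ttl == 0:
            # The timer reaches a TTL of 0 at once: drop the entry.
            self._entries.pop(key, None)
            return key
        info = {
            "system_name": clean_text(tlvs.get(SYS_NAME, b"")),
            "system_description": clean_text(tlvs.get(SYS_DESC, b"")),
        }
        # A fresh advertisement restarts the timer for this neighbor.
        self._entries[key] = (info, now + ttl)
        return key

    def neighbors(self, now):
        """Delete entries whose timer has reached the TTL; return the rest."""
        self._entries = {k: v for k, v in self._entries.items() if v[1] > now}
        return {k: v[0] for k, v in self._entries.items()}


def sample_lldpdu(ttl=120):
    """Constructed LLDPDU: MAC chassis ID, named port, TTL, system name."""
    return b"".join([
        build_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("001122334455")),
        build_tlv(PORT_ID, b"\x05" + b"port-7"),
        build_tlv(TTL, struct.pack("!H", ttl)),
        build_tlv(SYS_NAME, b"core-sw-1"),
        build_tlv(END, b""),
    ])


if __name__ == "__main__":
    table = NeighborTable()
    table.receive(sample_lldpdu(120), now=0)
    print(table.neighbors(now=30))   # entry still present
    print(table.neighbors(now=120))  # timer reached the TTL: entry deleted
```

Because any device plugged into a port can send these advertisements, the parser rejects lengths that overrun the packet and the table sanitizes name strings before a management system displays or logs them.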

The  protocol  lets  network  management 
systems  accurately  discover  and  model 
physical  network  topologies.  As  LLDP  de¬ 
vices  transmit  and  receive  advertisements, 
the  devices  will  store  information  they  dis¬ 
cover  about  their  neighbors.  Advertisement 
data  such  as  a  neighbor’s  management 
address,  device  type  and  port  identification 
is  useful  for  examining  what  devices  are 
neighbors  of  each  other,  and  through  what 
ports  they  connect  to  each  other. 

The  IEEE  has  further  enhanced  the  value 
of  the  LLDP  protocol  by  making  it  possible 
for  other  standards  organizations  and  ven¬ 
dors  to  create  custom  advertisement  mes¬ 
sages.  The  Telecommunications  Industry 
Association  (TIA),  an  International  Stan¬ 
dards  Organization-certified  group  that 
develops standards governing enterprise
telephony  systems,  is  developing  an  exten¬ 
sion  to  LLDP  for  use  in  VoIP  network  equip¬ 
ment.  The  TIA  standard  will  add  VoIP  and 
telephony-specific  advertisement  fields 
that  provide  information  about  VoIP 
phones  to  the  network  and  could  aid  in  the 
development  of  a  VoIP  E911  emergency 
calling  service  standard. 

LLDP  will  be  a  useful  management  tool 

—  particularly  for  heterogeneous  networks 

—  by  providing  accurate  network  map¬ 
ping,  inventory  data  and  network  trou¬ 
bleshooting  information.  It  is  expected  that 
additional  applications  will  evolve  as  the 
industry  fully  implements  the  standard. 

Allen and Frattura are directors of
secure  networks  solutions  at  Enterasys 
Networks.  They  can  be  reached  at  aallen@ 
enterasys.com  and  Frattura@enterasys. 
com,  respectively. 


Dr.  Internet 


By  Steve  Blass 


We  have  an  application  on  the  Eclipse  Rich 
Client  Platform  (RCP)  that  runs  well  in  the 
Runtime  Workbench,  but  we  are  having  diffi¬ 
culty  getting  it  to  start  outside  of  Eclipse. 

We  exported  our  program  as  a  deployable 
plug-in  and  unpacked  it  in  a  clean  directory, 
but  it  will  not  start.  Are  there  examples  of  how 
we  can  make  this  work? 

An  RCP  newsgroup  (hosted  by  Eclipse.org) 


offers  a  lot  of  information  about  overcoming  the 
pitfalls  of  deploying  RCP  programs.  There  are 
several  items  that  need  to  be  copied  into  your 
deployment  directory  by  hand  after  you  export 
your  plug-in,  including  the  eclipse.exe  program 
launcher  and  the  startup.jar  file  from  your  devel¬ 
opment  installation.  You  also  need  to  copy  all  the 
plug-ins  that  your  program  depends  on  from  the 
eclipse/plug-ins  directory  to  your  deployment 
directory. 


Another good source of RCP deployment information
is the mailing list at www.eclipsepowered.org,
where it was recently announced that
an initial version of an RCP application deployment
wizard was released into the Eclipse
Concurrent  Versioning  System  repository. 

Blass  is  a  network  architect  at  Change@Work. 
He can be reached at dr.internet@changeatwork.com.
Still going at a Klip

tings>  section  of  the  KlipFolio  preferences  to  use: 

RSS,  Atom,  XML,  Resource  Description 
Framework  and  HTML  content,  and 
signed  Klips  can  access  raw  TCP/IP  con¬ 
nections  (Serence  does  the  signing  for 
free).  KlipFolio  also  has  its  own  object 
model,  which  can  be  found  at  DocFinder: 

Mark 

Gibbs 

me  iqocaieu  in  me  ixnprunu  uneciuiyj. 

Next  download  the  development  kit,  the 
developer’s  guide  and  the  API  specifica¬ 
tion  (www.nwfusion.com,  DocFinder: 
4024). 

uems.duuueiu  ^snuigj, 

The  default  behavior  of  a  Klip  is  to  enu¬ 
merate  the  number  of  items  added  to  the 
right  of  the  icon  (the  icon  is  specified  in 
the  setup  section)  when  the  Klip  is  in  its 

In  last  week’s  Gearhead  we  discussed  a 
fabulous  tool,  er,  utility,  no,  system  .  .  . 
well,  an  unusual  piece  of  software 
called KlipFolio published by Serence. To
briefly  recap:  KlipFolio  is  a  framework  for 
managing  mini-applications  scripted  in 
JavaScript. 

At  the  end  of  last  week’s  missive,  we 
threatened  to  look  at  building  one  of  these 
applications  called  Klips  and  so,  using  your 
seat  cushion  as  a  flotation  device  if  neces¬ 
sary,  here  we  go  . . . 

To  develop  Klips,  first  enable  “developer 
mode”  in  KlipFolio.  This  mode  provides  a 
debug  tab  in  the  KlipFolio  preferences  dia¬ 
log  that  switches  the  display  of  debugging 
output  from  Klips  on  and  off. It  also  enables 
modal  alert  dialogs  to  display  debug  out¬ 
put  and  a  context  (right  click)  menu 
option  that  lets  you  reload  Klips  so  that  you 
can  run  the  latest  version  immediately 
after  editing. 

To  switch  this  on  we  need  to  add  the  line 
“<developer>true</developer>” in the <set-


Now we’re ready. Using a text editor we
open the template from the development
kit and save it under the name we want
our Klip to have. We’ll call it, say, Bob.

The  template  is  an  XML  description  of 
the  Klip  that  includes  author,  date,  revision 
level.  See  a  link  to  the  template  on 
Serence’s  Template  page  (DocFinder: 
4025). 

There’s  a  certain  amount  of  setup  infor¬ 
mation  defining  the  Klip’s  name  but  we’ll 
skip to the code section. Here’s an abbreviated
version of the template — the entire
Klip is specified within the <klip></klip>
tags and the code goes in the
<klipscript></klipscript> section:

<klip>
  <klipscript>
    <![CDATA[
      Code goes here
    ]]>
  </klipscript>
</klip>

To  add  items  to  our  Klip  panel  we  need 


minimized  form,  when  manually  resized 
or  when  you  mouse  over  the  panel,  below 
the  icon. 

So,  as  an  example,  the  following  code 
will  repeatedly  (depending  on  the  refresh 
interval  specified  in  the  Klip  specification 
file)  display  the  time: 
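function onRefresh()
{
    // Read the current local time.
    var currenttime = new Date();
    var hrs = currenttime.getHours();
    var min = currenttime.getMinutes();
    var sec = currenttime.getSeconds();
    // Remove the previous line so only one item is shown.
    Items.clear();
    // An empty status hides the item count.
    Items.status = "";
    Items.addItem(hrs + ":" + min + ":" + sec);
}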

The method Items.clear removes all current
items from the display to ensure that
there  is  only  one  line  showing  at  a  time, 
and  setting  the  Items.status  property  to  an 
empty  string  removes  the  count  of  the 
number  of  items  (which  would  otherwise 
always  be  1). 

KlipFolio  provides  support  for  reading 


4026. 

The only area of programming functionality that is obviously missing is support for low-level protocols such as Internet Control Messaging Protocol. Developers also can have Serence encrypt their code — a service that the company charges for.

KlipFolio is one of the most intriguing information delivery systems we’ve seen for a while and its potential is limited only by the relative youth of Serence — which is to say that the company’s documentation and debug facilities are disappointing. In KlipFolio it is easy to build basic functionality, but when you try to be clever the documentation lets you down.

Even so, KlipFolio is impressive and reliable. We recommend keeping an eye on this unique product — it could well be the corporate information delivery vehicle you’ve been looking for.

Deliver your thoughts to gearhead@gibbs.com.




Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Two  life-saving  travel  tools 


September  was  a  busy  travel  month 
for  us,  and  we  were  happy  to  have 
two  devices  along  for  the  ride  that 
helped  us  save  some  time,  and  kept  us 
updated  and  connected. 

The scoop: BlackBerry 7100t (with T-Mobile service), from Research In Motion, about $200 (plus $60 per month for data service).

What it does: The 7100t looks and feels like a mobile phone, yet also acts like a BlackBerry. Think of it as the BlackBerry for those within a company who don’t travel nonstop or are high enough in the company food chain to warrant getting one of those fancier BlackBerry devices. The pricing plans and monthly service from T-Mobile might be low enough for companies to consider who else in their organization might benefit from a wireless e-mail device. Those of you who’ve been using the teen-focused Sidekick might want to upgrade to a more professional device.

The 7100t runs on the T-Mobile GSM/General Packet Radio Service network, and has the same functionality and features of those more expensive devices. Furthermore, it looks and feels more like a phone, so it fits more comfortably in a pocket.

The BlackBerry 7100t keyboard has two letters on each button.

Why it’s cool: The biggest change on the 7100t compared with other BlackBerry devices is the new keyboard. Instead of having one button for each letter, the 7100t contains two letters on each key. This is done to make the device look and feel more like a mobile phone.

Don’t panic, you won’t find yourself doing the “tap-tap-tap” dance to get one letter to appear in your e-mails. RIM has done a great job with its word-recognition software, which can predict what word you’re typing. Just type keys once, and the combination of keys pressed with the dictionary will figure out the word. If it a mistake (once, the device the word “your” instead of “tour”), you can easily correct the word, and the system will learn your word preferences. We were pretty skeptical, but in hundreds of e-mails sent, we rarely found a typo. Other than the new keypad, the device worked just like a BlackBerry, letting us keep up on our e-mails while we were on the road.

Grade:  kirkirt  (out  of  five) 


The  scoop:  GC-83  PC  card,  from  Sony  Ericsson  (with 
AT&T  Wireless  service),  about  $250  (or  free  with  a  two- 
year  agreement  and  $80  per  month  service  plan). 

What it does: The GC-83 card provides access to AT&T’s Edge network, which promises to offer average connection speeds of 100K to 130K bit/sec over a wide-area connection. The PC card connects easily to a laptop to provide a network connection, and comes with communication software that helps you manage it all.

Why  it’s  cool:  Recently  we  found  ourselves  in  a  location 
that  didn’t  have  a  high-speed  wired  Internet  connection  or 
a  Wi-Fi  wireless  LAN  connection.  Fortunately  all  we  had  to 
do  was  pop  in  the  GC-83  card  to  get  connected.  We  didn’t 
test  hardcore  performance  to  see  if  AT&T  Wireless’  claims 
of  speeds  were  accurate,  but  we  noticed  that  speeds  were 
better  than  with  dial-up,  if  slightly  slower  than  a  Wi-Fi  or 
wired  high-speed  Internet  connection.  Several  Web  sites 
with  lots  of  graphics  seemed  to  take  longer,  reminding  us 
of  the  day  when  we  had  our  dial-up  only  access. 

If  you  do  a  lot  of  traveling  and  don’t  know  about 
whether  your  hotel  will  have  a  high-speed  connection  or 
Wi-Fi,  this  can  be  a  great  option  or  back-up  plan. 

Grade: 


Shaw  can  be  reached  at  kshaw@nww.com. 


The GC-83 PC gives you a high-speed connection on the road.

NetworkWorld | 10/4/04

ON TECHNOLOGY

John Dix

Getting patching right: A debate

The  controversy  swirling  around  Microsoft’s  recently 
released  Windows  XP  Service  Pack  2  serves  as  a 
simple  reminder  that  the  patch  problem  remains  at 
the  core  of  network  security. 

There  is  no  silver  bullet  and  solutions  are  emerging 
from  multiple  industry  areas,  making  it  hard  to  figure  out 
the  best  course  of  action. To  help  put  it  in  perspective, 
we’re  challenging  a  batch  of  vendors  to  participate  in  an 
online  Network  World  Virtual  Showdown  “How  best  to 
patch”  the  week  of  Nov.  15. 

We want to hear from these vendors in three categories:

• Pure-play patch management players Shavlik and Big Fix: Vendors offering patch point products tend to be innovators. But to stay competitive companies in this sector have to expand their scope to offer more security or management features. Will it be enough?

• Server and desktop management vendors Altiris and Configuresoft: Companies in this segment argue that vendors of point products don’t see enough of your assets to tell if patches will cause more problems than they solve. They also argue their products scale better and are catching up to point products in terms of features. But can general-purpose tools compete?

• Vendors that couple vulnerability scanning with patch management, Citadel, Symantec: Given patching is all about security, the security vendors argue they have a leg up because they live in the trenches. But patching is relatively new to them (Symantec bought On Technology to make a run at this), and they are playing catch-up on the management side. Do they have a chance?

Vendors  need  to  confirm  their  participation  by  Oct.  11. 
We’ll  launch  the  online  debate  Nov.  15  with  vendors’ 
answers  to  questions  from  Network  World  Senior  Editor 
John  Fontana,  Senior  Writer  Denise  Dubie  and  guest 
expert  Felicia  Nicastro. 

Nicastro is a principal consultant with International Network Services, a professional services consultancy. She holds CISSP and CUSP certifications and is author of the forthcoming book Curing the Patch Management Headache.

On Nov. 16, we’ll open the forum to let the vendors question each other. This typically is the liveliest part of a Showdown because vendors know their competitors cold and can hone in on technical details that matter.

On  Wednesday  to  Friday,  we’ll  throw  open  the  doors  to 
everyone,  letting  readers  post  questions  and  giving  the 
vendors  a  last  opportunity  to  trade  barbs. 

So  plan  to  join  us  the  week  of  Nov.  15  for  the  launch  of 
what  should  be  an  informative  debate. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 




Let’s  rethink  BPL 

Regarding the story “Broadband over power lines gaining steam” (www.nwfusion.com, DocFinder: 4022): There’s a memorable line from the movie “Jurassic Park” that can apply to the BPL controversy. In the film, actor Jeff Goldblum’s character explains how the scientists who are breeding dinosaurs could mess up badly and things could go so very wrong: The scientists have spent all their time seeing if they could rather than asking if they should.

Similarly,  BPL  vendors  believe  they  can  supply 
BPL  but  do  not  seem  to  consider  whether  they 
should.  Which  is  why  the  American  Radio  Relay 
League  (ARRL),  representing  690,000  ham  radio 
operators,  has  spent  almost  two  years  researching 
the  BPL  threat. 

Besides the obvious interference from unshielded radiating lines (power lines were never constructed to carry radio frequency signals), the ARRL’s biggest warning concerns what happens when the entire power grid of a city becomes one giant radiating antenna. The problems then will not be confined to amateur radio operators. Public service agencies (and possibly air traffic control towers) could feel adverse effects.

Let’s put the technical aspects of BPL interference aside for a moment. The bad news is that when amateur radio operators as individuals complain, our technical arguments are such a snoozer that we put the general public to sleep. But the good news is that the economics of this technology will, in time, get us the same results — BPL will be a minor player in Internet business or disappear altogether.

We  owe  BPL  suppliers  a  debt  of  gratitude:  It’s  their 
excessive  claims  and  overblown  rhetoric  about  this 
technology  that  will  hopefully  soon  make  BPL  the 
eight-track  tape  of  Internet  services. 

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 118 Turnpike Road, Southborough, MA 01772. Please include phone number and address for verification.


Know why utilities got excited about the BPL business? Because they saw a huge cash cow with little investment and an infrastructure already in place. They are finding out now the huge cash cow does not exist and the technology is not problem-free (as the experiences in Manassas, Va., Raleigh, N.C., and Cedar Rapids, Iowa, show).

Know why officials such as FCC Chairman Michael Powell and politicians such as President George Bush are praising BPL? Because they have been promised this technology will easily bring low-cost broadband to rural America (voters). Well, check the rural cooperatives that have studied this or check with rural utility companies. No rural utility that I am aware of is going into the BPL business. The rural availability argument is simply as bogus as bogus gets. When the politicians find this out, their praise will melt and disappear.

The “Jurassic Park” movies are now history. Maybe BPL’s massive promises are next.

Joe  Phillips 
Fairfield,  Ohio 

Linux  is  larger 

Regarding the story “Fired-up Ballmer zings Linux” (DocFinder: 4023): When Steve Ballmer says that Linux will be attacked as frequently as Windows when it has as large a share of the operating system market, he is failing to consider some readily available facts. Linux already has a larger share of the operating system market. Microsoft Internet Information Server has a 21% market share of the Web server market, while Linux/Apache has more than three times that. With Microsoft’s minority position and Linux’s market share leadership, why is it that we hear about the security issues and vulnerabilities related to Microsoft IIS and not Linux/Apache, Steve?

Mike  Sheffey 
Santa  Barbara,  Calif. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  4021 

STRATEGY SESSION

Jeff Kaplan

Cisco takes on managed services

Cisco’s acquisitions historically have been early indicators of the company’s strategic direction and bellwethers of broader industry trends. Whether acquiring companies such as Komodo Technology to build its VoIP product portfolio or Linksys to enter the home network market, Cisco’s deals have been a critical component of its product development and new market-penetration initiatives. But Cisco seldom has used acquisitions to expand its support services. That is why Cisco’s recent acquisition of managed service provider NetSolve is so intriguing.

Founded in 1987, NetSolve became one of the first independent providers of remote network and IT infrastructure management services in the mid-1990s. Despite surviving the dot-com crash, NetSolve has limited name recognition among enterprise decision-makers because it has sold its services primarily through indirect channels, private-labeling them to companies such as AT&T and NEC.

Cisco’s acquisition of NetSolve comes at a time when industry acceptance of managed services appears to be on the rise, but NetSolve’s viability at the time of the purchase was still uncertain. Nearly every analyst firm has forecast double-digit growth for managed services. Yet in July NetSolve reported a quarterly revenue decline and significant operating losses. Much of NetSolve’s problems were attributed to the termination of three reseller agreements with AT&T for managed router services; managed DSU services sold as part of AT&T’s Frame Relay Plus offering; and as part of a WAN management contract AT&T had with The Home Depot. Despite its long relationship with NetSolve, AT&T decided to deliver these managed services on its own.

Under  the  circumstances,  it  isn’t  hard  to  understand  why  NetSolve 
was  happy  to  accept  Cisco’s  acquisition  offer.  What  is  less  clear  is  why 
Cisco  decided  to  acquire  ailing  NetSolve. 

Cisco has a long history of offering automated, Web-based technical support services rather than the labor-intensive field support services that have weighed down more traditional vendors such as Avaya, Lucent and Nortel. Although Cisco’s competitors have invested significantly in managed services in an effort to shift their service delivery models to more economical, remote management techniques, these services haven’t become a major piece of their revenue yet.

That is why the NetSolve acquisition can be seen as a typical Machiavellian move by Cisco. Rather than build an in-house managed service capability, Cisco has acquired it to quickly leapfrog its competitors, which must now either accelerate their internal build-out efforts or make their own acquisitions to remain competitive.

Cisco is betting that its strong channel relationships and experience with automated service delivery systems will let it capitalize on the growing demand for managed services. If Cisco’s managed services initiative is successful, corporations can bet that other vendors and service providers will make managed services a more prominent part of their value propositions. And independent MSPs can bet that they will become more attractive acquisition candidates for the vendors and service providers playing catch-up in this market.




Kaplan  is  managing  director  of  THINKstrategies,  a  consultancy  in 
Wellesley,  Mass.  He  can  be  reached  at  jkaplan@thinkstrategies.com. 


YANKEE INGENUITY

Howard Anderson

Video on demand on the horizon

Network speeds have increased from about 1M bit/sec in 1974 to 1G bit/sec today, to a projected 100G bit/sec in 2014 and 1T bit/sec by 2020. Clearly, networks haven’t peaked — we’re pushing more data down our networks and using algorithms to compress it. Let’s relate this growth to American consumers in their homes. Networks give consumers choices — and one of these choices is video on demand.

Imagine for a moment that you could view your e-mail only between the hours of 8 a.m. and 11 a.m.

Furthermore, imagine you could read e-mails only in the order received, and suppose you had to stop reading and sending your e-mail every eight minutes to view an e-mail advertisement from Bill Gates or Larry Ellison telling you what exemplary citizens they are. You would go ballistic — but that’s exactly what you put up with today as a consumer.

You didn’t know it, but you signed a pact with the devil — free entertainment for intrusive barrages of messages. But that’s now changing as a result of both digital video recorders (DVR) and your cable company offering you video on demand. Bruce Leichtman, who used to run The Yankee Group’s cable research group, predicts that by 2008, video on demand and DVRs will each be in more than 30 million U.S. households, and 15 million households will have both. Access to video on demand won’t be free. The content providers and the networks need two things: a new source of revenue and some protection against the incursion of direct broadcast satellite, which currently is in about 23 million households, about half of what the cable industry has (58 million).

In addition to video on demand and DVRs, broadcasters are toying with “datacasting” — using portions of the broadcast signal for one-way video transmission — but this will require specially designed receivers or PC tuner cards. BellSouth, Verizon and SBC plan to bring fiber to about 2 million homes, which could give consumers even more choices. I recently heard about a start-up that is using technology developed by John Fanning (of Napster) to allow peer-to-peer video on demand — and built-in protection of the content, ameliorating the issue of “Napsterizing.”

What will consumers do with all these options? The real question is what will programmers do, because consumers only will react to what is available. Years ago I invented a cute term — TAFFIES, short for technologically advanced families. There are a little more than 100 million households in the U.S., of which TAFFIES make up about 5% — but they are the early adopters. It’s not easy selling to this elite group, but once they buy in, then the early majority (30% to 40% of the market) usually will follow. This is what marketers love — when the large numbers begin to pile on, and there is evidence that this is starting to happen. Bruce Leichtman says that last year, 45% of digital cable subscribers with video-on-demand capability bought programming, up from 28% in 2002.

That’s huge. There is a chicken-and-egg situation with video on demand — the infrastructure has to be built before the applications find a home. Sure, it takes about 10 years to coalesce — and in 10 years, those broadband networks will be able to handle even more programming.

I am a “West Wing” junkie — I schedule nothing on Wednesday nights at 9 p.m., rush home to watch reruns on Bravo at 7 p.m. and buy the DVDs of the show the week they come out. TiVo solves some of my problems, but not all. I want to watch the episodes before they are broadcast — and I will pay $2 per week to be able to tell everyone what happens before it happens. For some reason, my co-workers don’t believe this comes under the heading of a valuable fringe benefit.




Anderson is founder of The Yankee Group and senior managing director of YankeeTek Ventures, a Cambridge, Mass., venture capital fund for early-stage technology companies. He can be reached at handerson@yankeetek.com.


Security picks

This was not an ordinary product test in which we picked a winner based on a range of criteria including performance, manageability and ease of use.

In this case, we focused entirely on security, and based on our testing, we drew some conclusions about which products would be the most secure additions to your network.

On the client side, we recommend wireless network interface cards from 3Com and Cisco because they offer a range of security options, don't have broken Wired Equivalent Privacy (WEP) implementations and offer a clear 802.11i direction.

For access points, the decision is tougher. 3Com and SMC Networks both passed all our tests, but we also feel that Cisco, HP and Proxim — which failed the WEP tests — should be on any short list because of the additional security features they offer. Additionally, even Compex, with its small office/home office access point, had the ability to switch users to different virtual LANs, which is a great security feature.

For  wireless  switches,  we  recommend  the  Aruba, 
Airespace  and  Trapeze  products,  again,  based  on 
the  variety  of  options  offered.  In  corporations, 
these  products  will  provide  more  security  than  any 
of  the  static  access  points  tested. 

—Joel  Snyder  and  Rodney  Thayer 


WEP:  Stick  a  fork  in  it 

Tests  show  some  vendors  are  lax  about  plugging  WEP  holes. 


BY JOEL SNYDER AND RODNEY THAYER, NETWORK WORLD LAB ALLIANCE

WEP is notoriously bad. We set out to find out just how bad.

The most egregious issue with WEP is its lack of key management. You pick an encryption key, give it to your users and then — typically — never change that key. Anyone who can recover your key can then decrypt all WEP traffic you’ve sent using it, compromise the privacy of your network and get a good handle on its access controls.

Based on several years of testing WEP products, we predicted the key recovery method employed by hacker tools such as WEPCrack and AirSnort (see How we did it, www.nwfusion.com, DocFinder: 4031) would be obsolete today because there are a variety of techniques that can defeat them. This round of testing proved that assumption dead wrong (see graphic, page 48). In addition to more than 40% of the products failing our WEP-cracking test, we found that some vendors actually have moved backward, meaning newer products might be more vulnerable to attack than older products.
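Whether that key recovery method works against a product depends on which initialization vectors (IVs) the product transmits, and skipping certain IVs is one of the techniques that defeats it. The following is an added example, not part of the original article and not the authors' test method: it audits a list of observed IVs for the classic weak class and models a counter that steps over them. The weak-IV pattern (key-byte index + 3, 0xFF, any) is taken from the published Fluhrer-Mantin-Shamir analysis and is an assumption here, as are the function names and the constructed sample counters.

```python
"""Audit WEP initialization vectors (IVs) for the classic weak class.

Assumption, not taken from the article: an IV is "weak" when it has the form
(key_byte_index + 3, 0xFF, any), the pattern from the published
Fluhrer-Mantin-Shamir analysis of RC4 as WEP uses it. A transmitter that
never sends such IVs gives collection-based key recovery nothing to work on.
"""
from collections import Counter
from typing import Iterable, Iterator, Optional

IV_SPACE = 1 << 24  # WEP IVs are 24 bits, sent in the clear with every frame


def weak_iv_key_byte(iv: bytes, key_len: int) -> Optional[int]:
    """Return the index of the secret-key byte this IV leaks about, else None.

    key_len is the secret key length in bytes: 5 for 40-bit, 13 for 104-bit.
    """
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    if key_len < 1:
        raise ValueError("key_len must be a positive number of bytes")
    index = iv[0] - 3
    if iv[1] == 0xFF and 0 <= index < key_len:
        return index
    return None


def counter_ivs(start: int, count: int, key_len: int,
                skip_weak: bool) -> Iterator[bytes]:
    """Model a transmitter that takes IVs from a 24-bit big-endian counter.

    With skip_weak=True it behaves like filtering firmware: weak values are
    stepped over and never transmitted.
    """
    value, produced = start, 0
    while produced < count:
        iv = (value % IV_SPACE).to_bytes(3, "big")
        value += 1
        if skip_weak and weak_iv_key_byte(iv, key_len) is not None:
            continue
        produced += 1
        yield iv


def audit(ivs: Iterable[bytes], key_len: int) -> dict:
    """Summarise how many observed IVs are weak and which key bytes they touch."""
    per_key_byte = Counter()
    total = 0
    for iv in ivs:
        total += 1
        index = weak_iv_key_byte(iv, key_len)
        if index is not None:
            per_key_byte[index] += 1
    weak = sum(per_key_byte.values())
    return {
        "total": total,
        "weak": weak,
        "key_bytes_touched": sorted(per_key_byte),
        "verdict": "fail: weak IVs transmitted" if weak else "pass: no weak IVs seen",
    }


if __name__ == "__main__":
    # Constructed sample: 131,072 consecutive counter values starting at
    # 0x03FF00, once from a plain counter and once from a filtering one.
    for label, skip in (("plain counter", False), ("filtering counter", True)):
        report = audit(counter_ivs(0x03FF00, 0x20000, key_len=13, skip_weak=skip), 13)
        print(label, report)
```

The check covers only the classic weak class, so a clean result here does not show that a product would pass the AirSnort test described in the article.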

Most vendors — trying to explain away the fact they are shipping code vulnerable to 3-year-old attacks — argued with us when we pointed to test results that showed their WEP implementations were cracked easily. Most justified their vulnerable WEP implementations by saying something akin to “if you were serious about security you wouldn’t be using WEP.” That said, we still believe it’s a bad idea to ship vulnerable products.

Although we checked with technical support regarding all products that failed our AirSnort test, only the three wireless switch vendors — Airespace, Aruba Wireless Networks and Trapeze Networks — went back to the lab and patched the holes for a retest.

AirSnort and WEPCrack aren’t the only tools used to attack WEP. If you use 40-bit keys, there are tools such as KisMAC that can recover the key using brute force.

A number of the access point products we tested — including Belkin, Linksys and Netgear — have a “passkey” system, where you enter one password and all your WEP keys are generated. This technique often makes very “unrandom” WEP keys weaker than even 40-bit WEP keys.

Many vendors have built in what they call “high security” WEP, selecting keys that are longer than the industry-standard 104 bits. While that spins marketing-wise, the technical point is pretty moot because trying to crack a 104-bit key with a brute force tool already will take longer than the projected life of the universe, so there is no need to go beyond that. But, on the downside, these non-standard longer keys cause interoperability issues.

So it’s right to conclude that WEP is not the proper tool if you’re serious about wireless security. Fortunately, most of the products we tested (all but the Linksys Cardbus wireless adapter) support better security.


WHAT WE TESTED: WIRELESS PRODUCT KEY

Listed here are the details of the 23 products that we put under a security microscope with our battery of tests.

| Type | Vendor | Product | 802.11 flavors supported | Version | Price as tested | Web site |
|---|---|---|---|---|---|---|
| Wireless adapters | 3Com | 3Com Wireless PC Card with XJACK Antenna | 802.11a/b/g | 1.0.0.36 | $135 | www.3com.com |
| Wireless adapters | Actiontec | Wireless PC Card | b/g | 6.0.0.18 | $80 | www.actiontec.com |
| Wireless adapters | Apple | Airport Extreme NIC | b/g | 3.4.2 | $79 | www.apple.com |
| Wireless adapters | Belkin | F5D7011 High Speed Wireless Notebook Card | b/g | 3.50.21.11 | $70 | www.belkin.com |
| Wireless adapters | Buffalo | AirStation WLI-CB-G54 High Speed Wireless Adapter | b/g | 3.30.15.1 | $80 | www.buffalotech.com |
| Wireless adapters | Cisco | Aironet 802.11a/b/g Wireless CardBus Adapter | a/b/g | 1.0.0.305 | $199 | www.cisco.com |
| Wireless adapters | Linksys | WPC55AG Dual Band Adapter | a/b/g | 2.3.0.63 | $144 | www.linksys.com |
| Wireless adapters | SMC | SMC2536W-AG EliteConnect Universal High Power Wireless Adapter | a/b/g | 2.4.2.22 | $95 | www.smc.com |
| Wireless access points | 3Com | 3Com Wireless LAN Access Point 8750 | a/b/g | 2.04.51 | $899 | www.3com.com |
| Wireless access points | Actiontec | GT701WG Wireless DSL Gateway | b/g | 3.0.1.0.5 | $130 | www.actiontec.com |
| Wireless access points | Belkin | F5D7230 High-Speed Wireless G Router | b/g | 4.03.03 | $90 | www.belkin.com |
| Wireless access points | Buffalo | AirStation WBR2-G54 High Speed Mode Wireless Cable/DSL Router | b/g | 2.21 | $150 | www.buffalotech.com |
| Wireless access points | Cisco | Aironet 1100 Access Point | b/g | IOS 2.2(13)JA1 | $499 | www.cisco.com |
| Wireless access points | Compex | NetPassage WPE54G-SMA Access Point | b/g | 1.10 b518 | $150 | www.cpx.com |
| Wireless access points | HP | ProCurve 520wl dual radio Access Point | b/g | 2.4.5(758) | $589 | www.hp.com |
| Wireless access points | Linksys | WAP54G Access Point | b/g | 2 | $100 | www.linksys.com |
| Wireless access points | Netgear | WG302 Prosafe Access Point | b/g | 2.0.4RC2 | $350 | www.netgear.com |
| Wireless access points | Netopia | 3347W ADSL 3-D Reach Wi-FI Gateway | b | 7.3.3r1 | $219 | www.netopia.com |
| Wireless access points | Proxim | Orinocco AP-4000 | a/b/g | 2.4.11(821) | $899 | www.proxim.com |
| Wireless access points | SMC | SMC 2555W-AG Wireless Access Point | a/b/g | V3.0.0 | $800 | www.smc.com |
| Wireless switches | Airespace | Airespace 4000 with AP-1200 | a/b/g | 2.1 | $12,450 | www.airespace.com |
| Wireless switches | Aruba | Aruba 800 wireless switch | a/b/g | 2.0.4 | $2,995 | www.arubanetworks.com |
| Wireless switches | Trapeze | Mobility Exchange 20 switch and Mobility Point -252 Access Point | a/b/g | 2.1.3 | $10,043 | www.trapezenetworks.com |
Support for a wide variety of WEP flavors is common in access points, wireless switches and network interface cards, but many of the products we tested are very vulnerable to the 3-year-old key recovery technique available in the AirSnort tool.

| Type | Vendor | AirSnort results | WEP key support | Supports weak WEP passphrase feature* |
|---|---|---|---|---|
| Wireless adapters | 3Com | Pass | 40-, 104-, 128-bit keys | Yes |
| Wireless adapters | Actiontec | Fail | 40-, 104-, 232-bit keys | No |
| Wireless adapters | Apple | Pass | 40-, 104-bit keys | Yes |
| Wireless adapters | Belkin | Pass | 40-, 104-bit keys | No |
| Wireless adapters | Buffalo | Pass | 40-, 104-bit keys | No |
| Wireless adapters | Cisco | Pass | 40-, 104-bit keys | No |
| Wireless adapters | Linksys | Fail | 40-, 104-, 128-bit keys | No |
| Wireless adapters | SMC | Fail | 40-, 104-, 128-bit keys | No |
| Wireless access points | 3Com | Pass | 40-, 104-, 128-bit keys | Yes |
| Wireless access points | Actiontec | Fail | 40-, 104-, 232-bit keys | No |
| Wireless access points | Belkin | Pass | 40-, 104-bit keys | Yes |
| Wireless access points | Buffalo | Pass | 40-, 104-bit keys | No |
| Wireless access points | Cisco | Fail | 40-, 104-bit keys | No |
| Wireless access points | Compex | Fail | 40-, 104-bit keys | No |
| Wireless access points | HP | Fail | 40-, 104-, 128-bit keys | No |
| Wireless access points | Linksys | Pass | 40-, 104-bit keys | Yes |
| Wireless access points | Netgear | Fail | 40-, 104-, 128-bit keys | Yes |
| Wireless access points | Netopia | Fail | 40-, 104-, 232-bit keys | Yes |
| Wireless access points | Proxim | Fail | 40-, 104-, 128-bit keys | No |
| Wireless access points | SMC | Pass | 40-, 104-, 128-bit keys | No |
| Wireless switches | Airespace | Pass** | 40-, 104-, 128-bit keys | No |
| Wireless switches | Aruba | Pass** | 40-, 104-bit keys | No |
| Wireless switches | Trapeze | Pass** | 40-, 104-bit keys | No |

*No is the preferable answer.

**Initially failed the test, but when we checked with support team, we were supplied with updated code.


Glossary of wireless security terms

802.11, 802.11a, 802.11b, 802.11g: Four standards for wireless LANs (WLAN), ranging in speed from 1M to 54M bit/sec. The 802.11 family is the most commonly used WLAN specification for products built for both office and home environments.

Wired Equivalent Privacy: WEP is a simple, high-speed encryption technique built into 802.11 WLANs, using 40-bit keys. Most devices available today support extended key lengths of 104 bits, which are not part of the original standard but are still highly interoperable.

802.1X: An authentication standard for wired and wireless LANs, used to identify users before allowing their traffic onto the network. It can be used in wireless environments to authenticate users for more secure WEP, Wi-Fi Protected Access or 802.11i deployments.

Wi-Fi Protected Access: WPA is an industry standard based on a subset of an early draft of 802.11i. WPA replaces WEP’s keying mechanism with a more robust system, called Temporal Key Integrity Protocol (although TKIP is still based on RC4 encryption). (See full description of TKIP, DocFinder: 4032.) WPA adds a strong message integrity check and allows for authentication using 802.1X.

802.11i: IEEE’s standard for Robust Security Network for WLANs. In addition to all the features in WPA, 802.11i uses Advanced Encryption Standard as a replacement for RC4 encryption.

Advanced Encryption Standard: AES is the U.S. government standard encryption protocol that replaces Data Encryption Standard.


802.1X: A stepping stone

As an authentication standard for wired networks, 802.1X has a happy side effect when used with WLANs: It gives you per-user, per-session WEP keys.

While WEP’s many other theoretical problems still exist, 802.1X solves the biggest practical issue. No longer does everyone use the same WEP key that can stick around for months or even years. Instead, every connection authenticated with 802.1X gets its own WEP key that can be changed as often as the network professional controlling the WLAN desires.

A second benefit to 802.1X is that you actually know who is on your network. Users have to go through a true authentication dialog. You can use as powerful an authentication method as you need, ranging from simple username/password combinations to digital certificates.

With pure 802.1X, the heavy lifting is done on the supplicant (wireless client), with the wireless access point having very little work to do in the process. In the majority of devices we tested, enabling 802.1X at the access point is usually a question of picking one of two options — allow 802.1X or require 802.1X — and then pointing the access point at a RADIUS server that supports 802.1X. Some products are a little more flexible than that. For example, the Trapeze wireless switch lets you use 802.1X for authentication, but also has its own authentication server built into it. This can make deployment much faster, especially if your RADIUS server does not support 802.1X.

More online! Get two years’ worth of 802.1X wireless testing results. DocFinder: 3930 www.nwfusion.com

Not every wireless vendor is shipping wares with standard 802.1X support (see graphic, page 50). For example, the Belkin adapter and access point tested did not support pure 802.1X, but did support 802.1X in combination with WPA. Products from Buffalo Technology and Linksys tested did not support pure 802.1X at all.

Overall, wireless client cards have much broader support for 802.1X than we saw in our earlier testing. In addition to 802.1X support in NICs, Microsoft has built 802.1X authentication into Windows XP and Apple has provided it in recent versions of Mac OS X.

The difficulty in using 802.1X on a wireless client, whether it’s by itself or part of WPA or 802.11i, is in finding a compatible authentication method. While not everyone in the network has to use the same method, they all have to be supported by the RADIUS server you’re using.

The only common authentication denominator among the products tested is support for Protected Extensible Authentication Protocol (PEAP) with Challenge Handshake Authentication Protocol (MSCHAPv2), an encrypted authentication method based on Microsoft’s challenge/response authentication protocol.

Unfortunately, PEAP/MSCHAPv2 won’t work for networks that employ pre-encrypted user passwords. For example, if you keep your passwords on a Unix server in /etc/passwd format, you can’t use MSCHAPv2. The solution is to either use an authentication mechanism such as Tunneled Transport Layer Security/Password Authentication Protocol (TTLS/PAP) (which works with encrypted passwords), or jump to a different authentication method, for example, digital certificates. Digital certificates are supported by all of the 802.1X clients we tested.

Although TTLS/PAP was not widely supported outside of the 3Com and Apple clients we tested, there are add-ons for Microsoft’s Windows clients, such as Funk Software’s Odyssey 802.1X client or Meetinghouse Data Communications’ Aegis client, which bring that support to the table.

Tracking WLAN product support for pure 802.1X authentication methods

Although 802.1X allows many authentication methods, the one most consistently supported is PEAP with MSCHAPv2. While pure 802.1X support is widespread in the other access points and wireless switching systems tested, the role of those products in the 802.1X handshake is to simply act as an intermediate point inside the tunnel between supplicant and authentication server. The authentication method used is irrelevant to the access point (although some access points do restrict the types of authentication allowed).

Product type | Vendor | MD5 | TLS | PEAP/MSCHAPv2 | PEAP/GTC | TTLS/PAP | TTLS/MSCHAPv2 | TTLS/CHAP | TTLS/MSCHAP | LEAP
(The column positions of the entries did not survive; each row lists its “Yes” cells in order.)
Adapters | 3Com | Yes, Yes, Yes, Yes, Yes
Adapters | Actiontec | Yes, Yes
Adapters | Apple | Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes
Adapters | Cisco | Yes, Yes, Yes, Yes
Adapters | SMC | Yes, Yes, Yes
Switch | Trapeze | Yes, Yes, Yes

Although 802.1X by itself is pretty secure, you get your best wireless security when you combine 802.1X with an encryption system that is stronger than simple WEP. Other security mechanisms — such as WPA and 802.11i — build on 802.1X encryption as one piece of a bigger framework for securing wireless connections.


WPA: An accident waiting to happen

WPA is an industry specification the Wi-Fi Alliance pushed into adoption. This cooperative of wireless manufacturers — worried that WEP would stall sales — took an early draft of the IEEE 802.11i wireless security standard, pulled out some harder-to-implement pieces, such as AES encryption, and created WPA. Vendors shipped certified WPA products just five months after announcing the specification.

WPA enhances security in several ways. The most obvious is in the encryption protocol. WPA uses TKIP to improve the key usage in wireless encryption. Although TKIP uses the same base encryption algorithm — RC4 — as WEP, the way it selects and changes keys resolves many of the issues surrounding WEP. WPA also improves the integrity aspects of 802.11 by making it virtually impossible to inject messages into a wireless conversation or to modify a message on the fly.

The primary improvement in WPA is the per-session encryption key. Every time a station associates, a new encryption key is generated based on some per-session random numbers and the media access control (MAC) addresses of the station and the access point. WPA sounds like a major improvement, and it is — if it’s used correctly.

Unfortunately, the easiest way to use WPA actually makes it easier to crack than WEP. When 802.1X authentication is not used in WPA, a simpler system called Pre-Shared Key (PSK) is. PSK offers a long-lived password that everyone who wants to connect to the WLAN has to know. All the wireless devices we tested, with the exception of the Linksys adapter card, support WPA-PSK (see graphic, page 52).

With WPA-PSK, if you don’t make your password long, you’re susceptible to an offline dictionary attack where an attacker grabs a few packets at the time a legitimate station joins the wireless network and then can take those packets and recover the PSK used. An attacker can get what he needs to guess the PSK and get out without anyone noticing. This can occur because the attacker doesn’t have to be near the WLAN for more than a few seconds, and the LAN doesn’t have to be very busy.

Of course, this type of attack depends on people choosing poor passwords. So if you force users to type in a 64-digit hexadecimal number when they configure their wireless connection information, then you are covered. But most folks use the passphrase mechanism built into WPA, which converts an eight- to 63-character string you type in to the 64-digit key. More than half of the products we tested only let you enter a passphrase — you can’t put in the 64-digit hex key even if you wanted to.

The innate problem is that a passphrase is easy to guess. The IEEE committee that wrote 802.11i pointed out that an eight- to 10-character passphrase actually has less than the 40 bits of security that the most basic version of WEP offers, and says that a passphrase “of less than about 20 characters is unlikely to deter attacks.”
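The passphrase-to-key conversion and the strength estimate described above, as an added example (not code from the article or from any product tested). It derives the 64-digit key with the 802.11i passphrase mapping (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations) and applies that standard's rule of thumb of about 2.5 bits per character plus 12; the function names, verdict labels and sample settings are assumptions made for this example.

```python
"""Audit WPA-PSK settings: classify, estimate strength, derive the 256-bit key."""
import hashlib
import string

WEP40_BITS = 40             # key size of the most basic version of WEP
MIN_PASSPHRASE_CHARS = 20   # 802.11i: shorter passphrases are unlikely to deter attacks


def derive_psk(passphrase: str, ssid: str) -> str:
    """Map a passphrase to the 64-hex-digit key.

    802.11i passphrase mapping: PBKDF2 with HMAC-SHA1, the SSID as salt,
    4096 iterations, 256 bits of output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def estimated_bits(passphrase: str) -> float:
    """Rule-of-thumb strength of a human-chosen passphrase: about 2.5 bits
    per character, plus 12 bits credited to the repeated hashing."""
    return 2.5 * len(passphrase) + 12


def audit_psk(setting: str, ssid: str) -> dict:
    """Classify one PSK setting (hypothetical helper for this example)."""
    if len(setting) == 64 and all(ch in string.hexdigits for ch in setting):
        # Raw key entered directly; it is worth 256 bits only if generated randomly.
        return {"kind": "hex-key", "bits": 256.0,
                "psk": setting.lower(), "verdict": "ok"}
    bits = estimated_bits(setting)
    if bits < WEP40_BITS:
        verdict = "weaker-than-wep40"      # the 8- to 10-character case
    elif len(setting) < MIN_PASSPHRASE_CHARS:
        verdict = "shorter-than-20"
    else:
        verdict = "ok"
    return {"kind": "passphrase", "bits": bits,
            "psk": derive_psk(setting, ssid), "verdict": verdict}


# Constructed sample settings (SSID, PSK setting); not taken from any tested product.
SAMPLE_SETTINGS = [
    ("IEEE", "password"),
    ("branch-office", "tenletters"),
    ("branch-office", "correct horse battery staple"),
    ("warehouse", "9f" * 32),
]


def report(settings=SAMPLE_SETTINGS) -> list:
    """Return one summary line per setting."""
    rows = []
    for ssid, setting in settings:
        r = audit_psk(setting, ssid)
        rows.append(f"{ssid:14} {r['kind']:10} ~{r['bits']:5.1f} bits  "
                    f"{r['verdict']:18} psk={r['psk'][:8]}...")
    return rows


if __name__ == "__main__":
    print("\n".join(report()))
```

Because the SSID is the salt, the same passphrase yields a different 64-digit key on each network name, but the estimated strength depends only on the passphrase itself.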

As with WEP, wireless cracking tools exist that are specifically designed to recover the PSK from a WPA-protected network. We used the KisMAC tool to demonstrate that an eight-character PSK can be recovered using off-the-shelf tools against any product using such a short password with only a few days of work.

WPA with 802.1X authentication — sometimes called WPA-Enterprise — yields a very tight network. 802.1X offers strong positive authentication for both the station and the WLAN infrastructure, while deriving a secure, per-session encryption key that is not vulnerable to any casual attack. This security comes with a cost because 802.1X authentication requires a significant infrastructure including 802.1X-compliant RADIUS server with a digital certificate, and client software for every user that supports 802.1X and whichever authentication mode you use.

If you’re looking for the best wireless security you can get today, 802.1X authentication combined with WPA’s improved encryption is the closest thing we’ve got to an ideal solution. Finding good products at all prices that combine 802.1X and WPA is not difficult. However, WPA-based products should give way quickly as more 802.11i-based products hit the marketplace this fall.



NetworkWorld 10/4/04

CLEAR CHOICE SPECIAL REPORT

CRACKING THE WIRELESS SECURITY CODE


Tracking support for various WPA authentication methods

Wireless access points and switches have almost unanimous support for both WPA pre-shared keys and 802.1X authentication methods. But on the client side, the wireless NICs tested varied considerably on this point with PEAP/MSCHAPv2 standing as the lowest common denominator.

Product type | Vendor | Supports WPA Pre-Shared Key | 802.1X authentication methods supported in conjunction with WPA
Wireless adapters | 3Com | Yes | LEAP, Serial authentication, EAP-TLS, PEAP/MSCHAPv2, TTLS/PAP, TTLS/MSCHAPv2
Wireless adapters | Actiontec | Yes | EAP-TLS, PEAP/MSCHAPv2
Wireless adapters | Apple | Yes | TTLS/MSCHAPv2, TTLS/MSCHAP, TTLS/CHAP, TTLS/PAP, LEAP, TLS, MD5, PEAP/MSCHAPv2
Wireless adapters | Belkin | Yes | EAP-TLS, TTLS/PAP, TTLS/CHAP, TTLS/MD5, TTLS/MS-CHAP, TTLS/MS-CHAPv2, LEAP, PEAP/MS-CHAPv2, TLS, MD5
Wireless adapters | Buffalo | Yes | Not supported
Wireless adapters | Cisco | Yes | EAP-TLS, PEAP/GTC, PEAP/MSCHAPV2, LEAP
Wireless adapters | Linksys | No | Not supported
Wireless adapters | SMC | Yes | TLS, PEAP/MSCHAPv2

Product type | Vendor | Supports WPA Pre-Shared Key | Supports WPA used with 802.1X*
Wireless access points | 3Com | Yes | Yes
Wireless access points | Actiontec | Yes | Yes
Wireless access points | Belkin | Yes | Yes
Wireless access points | Buffalo | Yes | No
Wireless access points | Cisco | Yes | Yes
Wireless access points | Compex | Yes | Yes
Wireless access points | HP | Yes | Yes
Wireless access points | Linksys | Yes | Uses proprietary authentication system
Wireless access points | Netgear | Yes | Yes
Wireless access points | Netopia | Yes | No
Wireless access points | Proxim | Yes | Yes
Wireless access points | SMC | Yes | Yes
Wireless switches | Airespace | Yes | Yes
Wireless switches | Aruba | Yes | Yes
Wireless switches | Trapeze | Yes | Yes

*While WLAN clients must support specific 802.1X authentication methods, the wireless access points and the switches merely have to support the authenticated tunnel.


802.11i: The next big thing

The IEEE standard called Robust Security Networking is a force to be reckoned with. As an amendment to the original 802.11 WLAN standard, 802.11i replaces the original meager 10-page WEP discussion with more than 200 pages of detailed protocol on how to lock unwanted users out of your wireless network.

This is the good stuff.

Approved in July, 802.11i products have started to appear in the market. Even though we received our test equipment before the final draft of the standard was ratified, 3Com, Airespace, Belkin, Buffalo, Proxim, SMC and Trapeze all had some pieces of 802.11i included with the hardware we tested.

The primary difference between the final version of 802.11i and the scaled-down version that the Wi-Fi Alliance published as WPA is AES. As a streaming encryption algorithm, RC4 (used in WEP and WPA)

See 802.11i, page 56


Security standards aside, lock down your boxes, boys!

To build a secure wireless network, it’s not enough to watch the airwaves. You must lock down the access points, much like the rest of your network infrastructure.

Network World Lab Alliance partner Rodney Thayer of Canola Jones conducted a penetration test on the wireless infrastructure devices (access points and switches) we tested. Particularly, we were looking to assess how the vendors protect the point at which the wireless device hits the wired network. We left the devices as close as possible to the recommended default configuration. In cases where Thayer criticizes a default setting but the vendor offers an option to make conditions more secure (such as changing from HTTP to Secure-HTTP), he noted this in the report.

It’s clear from this testing that most devices arrive out of the box with a poor set of security defaults. Many access points don’t have the option to disable low-security services, such as Telnet and HTTP, and enable higher security services, such as Secure Shell and HTTPS.

Thayer says most vendors opt for simple, rather than secure, defaults. For example, while few people manage wireless access points from a command-line interface, Actiontec ships its access point with Telnet enabled using a default password anyone can guess (it’s the same as the username), which cannot be changed or disabled from the user interface. That’s a pretty huge hole, even in the relatively low-end market Actiontec targets.

Thayer took steadier aim at enterprise-class access points built on more sophisticated platforms, such as HP and SMC, which left open debug ports from the real-time Wind River VxWorks operating system both use in their shipping products. While there might not be any known VxWorks exploits this week, this doesn’t mean there won’t be any next week.

Even vendors that have a clear focus on enterprise-class security, such as Aruba and Airespace, have been sloppy with their management defaults. Both let you be as secure as you want eventually, but start you out of the box wide open. Trapeze, another security-focused vendor, has a more haphazard take: It forces you into HTTPS management, but still lets you leave the password blank. That just does not follow good security practice, even if it’s a default setting.


More online!

Find out which of the 15 access point and wireless switch vendors leave the back door to your WLAN wide open. DocFinder: 4833 www.nwfusion.com

How to do it: Securing your wireless LAN

We’re left with the question: How do you secure your WLAN?

If you are starting from scratch and have no legacy equipment to contend with, the answer is to use WPA with 802.1X authentication and plan a migration to 802.11i when equipment becomes readily available.

You won’t pay a premium to use 802.1X. It’s free and built into Windows XP and Apple’s Mac OS/X. Picking gear that supports 802.1X and WPA is just a matter of looking for the Wi-Fi Alliance WPA-Enterprise sticker. You’ll also need a RADIUS server that supports 802.1X authentication.

As an alternative to WLAN-based encryption that WPA and 802.11i offer, you can use IPSec, especially if your network includes a strong IPSec remote-access solution.

From a security standpoint, IPSec offers a stronger model than WPA, but the differences are unlikely to be applicable to anyone outside the military. IPSec also has its own costs, mainly tunneling overhead, which could cause performance problems in a high-speed environment.

You also can layer a simple VPN protocol, such as Point-to-Point Tunneling Protocol (PPTP), on top of your wireless connections that only support WEP natively. The benefits of PPTP (or any VPN protocol) over simple WEP are authentication and a second layer of encryption. PPTP has a much weaker security model than IPSec, but has been very well supported in all laptop operating systems for more than five years. The likelihood you’ll find a device that cannot do WEP plus PPTP is fairly low. The alternatives, such as pure IPSec or IPSec over Layer 2 Tunneling Protocol, are attractive from a security point of view, but not from an interoperability and ease-of-use point of view.

An issue that spans both LAN-based wireless encryption and tunneled VPN deployments is the need to support legacy equipment. There are millions of wireless cards that barely can handle WEP and have little or no hope of supporting a more sophisticated authentication protocol such as 802.1X.

The issue is compounded by some technical incompatibilities between WEP and WPA.

If you’re looking for a smaller deployment of just a half-dozen access points, for example, you’ll either have to find an access point that can handle multiple security profiles on the same radio, or go with one that has two separate radios, such as the HP ProCurve 520wl we tested. Or, in the worst case, put in two access points everywhere.

Some high-end products, such as the WLAN switches from Airespace, Aruba and Trapeze, can handle having WEP, 802.11i and even unencrypted traffic without having to install two sets of wireless access points across the network.

If you’ve got one or two special legacy cases that must have access to the wireless network — such as a printer or data collection device that won’t do anything more complicated than WEP — you should consider placing this device on a separate wireless network and enabling MAC-based authentication.

The last deployment complication lies with accommodating guest users. These are typically folks who might be in your building and need wireless service, but who you might not want to bother securing. Many wireless devices specifically support guest access, shuttling unauthenticated or unencrypted traffic to a specific virtual LAN, which, presumably, you would place well outside your corporate network. In addition to Airespace, Aruba and Trapeze, this guest user allowance occurred in 3Com, Cisco, Compex, HP and Proxim access points.

You also might want to run guest users through a simple Web-based authentication process before letting them off the wireless network (and possibly onto your wired network if you’re not tracking them carefully) to help differentiate between legitimate guests and those wandering around your parking lot. Depending on how complex a security model you need to support, you might want to drop in a simple firewall that supports Web authentication or one of the more sophisticated logging systems from vendors such as ReefEdge Networks and Vernier Software.


Tools, not standards, that help tie down wireless nets

Security standards aside, wireless gear vendors are peppering their products with other features that can help secure WLANs, including access controls, VPN technologies and tools to locate and lock out rogue users.

One of the most common security features of the access points tested was MAC-based access controls. 3Com, Actiontec, Airespace, Aruba, Buffalo, Cisco, HP, Netgear, Proxim, SMC and Trapeze all support this feature. To use these controls, you need to know the Ethernet address of every wireless card that will connect to your network. It might seem tedious, but it helps defend against casual attackers.

MAC-based access controls come in two flavors. Access points designed for home use force you to keep a static list of MAC addresses on the access point. This technique has become popular enough that access point and wireless switch vendors have scaled this technique so that multiple access points can look up the static MAC address in a RADIUS server to see if it’s allowed on the network.

Access control of the second sort comes in built-in firewalls shipped as part of an access point. Some access points, such as 3Com’s WL-450, do a very simple type of packet filtering, primarily designed to keep garbage such as IPX routing broadcasts off your WLAN. Others have a more sophisticated set of packet filters for access controls. For example, the Airespace switch and the Buffalo, Cisco, HP and Proxim access points all let you control access up to the IP level. For serious firewalling, Aruba packs a full, stateful firewall into its wireless switch equipment.

Any discussion of wireless security would be incomplete without mentioning that bugaboo of network professionals - the rogue access point.

Trapeze’s access controls apply to the actual authenticated user. Most products define controls based on which WLAN you are on, so all users on that LAN get the same access list. However, Trapeze actually ties the IP access list to authenticated users, so your access list is defined based on your authentication information.

If you’d rather use IPSec, both Aruba and Airespace have VPN tunnel servers built into their wireless switch hardware. Of course, you don’t have to build the IPSec tunnel to the wireless access point or switch — as all the other access point vendors were quick to point out. You always can put a separate VPN device next to the wireless network.

However, when you do that, you lose some of the advantages of an integrated tunnel server, such as a very tight binding between the wireless client and the IPSec tunnel, and a simpler network topology if you have many points of connection between the wireless network and wired network.

There are situations where encryption isn’t important, but authentication is, such as in a wireless hot-spot setting. Vendors have addressed this issue with a simple technique.

No matter where the user wants to go, you redirect him to a

See Tools, page 56
CRACKING THE WIRELESS SECURITY CODE


802.11i

continued  from  page  52 

was not designed for use in packet-oriented Ethernet environments
because packet-oriented transmission has to “restart” RC4 at the
beginning of each packet, a process that can lead to a variety of
attacks. AES resolves those issues.

The Wi-Fi Alliance has expanded the WPA program by publishing a
subset of 802.11i as WPA2. Early in September, it announced that
products from six manufacturers had been certified for WPA2
compliance. These manufacturers include Atheros, Broadcom, Intel and
Realtek, four of the most significant manufacturers of the wireless
chips that make up everyone else’s cards, access points and laptops.
Based on this early


adoption, we can expect an explosion of 802.11i-compatible products,
as vendors that already have modern chipsets from these manufacturers
in current products will be able to turn on 802.11i compatibility
without swapping out hardware.

Like WPA, 802.11i includes 802.1X authentication as a core feature.
But the same authentication caveat as with WPA applies: PSK
authentication is a poor choice for network security and is highly
vulnerable if the PSK is not long and changed frequently enough.
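Why PSK length and rotation matter, as an added example that is not part of the original article: 802.11i derives the pre-shared master key from nothing but the passphrase and the SSID, so the sketch below derives it and audits a passphrase against a policy. The deny-list, the 20-character minimum and the 90-day maximum age are assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Constructed deny-list; a real audit would load a much larger one.
COMMON_PASSPHRASES = {"password", "12345678", "wireless", "letmein123"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key used by WPA/WPA2-PSK.

    802.11i defines it as PBKDF2-HMAC-SHA1 over the passphrase with the
    SSID as salt and 4096 iterations. The passphrase is the only secret
    input, so every station sharing it holds the same key.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def guess_space_bits(passphrase: str) -> float:
    """Upper bound, in bits, on the search space implied by the character
    classes used. Word-based passphrases are weaker than this bound."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes
               if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_psk(passphrase: str, ssid: str, age_days: int,
              min_length: int = 20, max_age_days: int = 90) -> list:
    """Return policy findings for a PSK; an empty list means it passes.

    min_length and max_age_days are assumed policy values, not figures
    taken from the article or from the standard.
    """
    findings = []
    if len(passphrase) < min_length:
        findings.append(f"short: {len(passphrase)} chars, "
                        f"policy minimum {min_length}")
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("common: passphrase is on the deny-list")
    if ssid.lower() in passphrase.lower():
        findings.append("ssid: passphrase contains the network name")
    if age_days > max_age_days:
        findings.append(f"stale: unchanged for {age_days} days, "
                        f"policy maximum {max_age_days}")
    return findings


if __name__ == "__main__":
    # Constructed inputs: (passphrase, SSID, days since last change).
    samples = [("password", "IEEE", 400),
               ("correct-horse-battery-staple-42", "CorpNet", 10)]
    for passphrase, ssid, age in samples:
        print(ssid, derive_pmk(passphrase, ssid).hex()[:16] + "...",
              f"<= {guess_space_bits(passphrase):.1f} bits",
              audit_psk(passphrase, ssid, age) or "ok")
```

Because the key depends only on the passphrase and the SSID, it never changes until an administrator changes the passphrase, which is why the age check sits beside the length check.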


Tools

continued from page 54

Web page where he has to input his credentials. In addition to a host
of vendors that make external devices to handle that type of
authentication, such as Vernier and ReefEdge, Airespace and Aruba
build this feature into their switches.

Any discussion of wireless security would be incomplete without
mentioning that bugaboo of network professionals — the rogue access
point. Several products we tested, including access points from HP and
Proxim and switches from Airespace and Trapeze, offer a variety of
features to detect and report on rogue access points on your network.

Aruba raises the bar on managing rogue access points with its Wireless
IDS feature, designed to not only detect rogue access points and
certain types of wireless hacker tools, but also to ensure enterprise
standards for wireless deployment are being followed (such as channel
number assignments and encrypted data). Aruba even offers a
remediation option: If you see an access point with the wrong Service
Set Identifier, the switch will isolate it from the network by keeping
stations from being able to associate to it.
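The kind of check described above, as an added example that is not any vendor's code and not part of the original article: observed beacons are compared with an inventory of managed access points to flag rogues and to catch managed units that break deployment standards (SSID, channel assignment, encryption). The SSID, MAC addresses, inventory and beacon records are all constructed, and matching a BSSID directly against wired-side MAC addresses is a simplifying assumption.

```python
from dataclasses import dataclass

CORP_SSID = "CorpNet"  # assumed corporate SSID

# Assumed inventory of managed access points: BSSID -> assigned channel.
AUTHORIZED = {
    "02:00:00:00:00:01": 1,
    "02:00:00:00:00:02": 6,
    "02:00:00:00:00:03": 11,
}

# Constructed list of MAC addresses learned on wired switch ports.
WIRED_MACS = {
    "02:00:00:00:00:01", "02:00:00:00:00:02",
    "02:00:00:00:00:03", "02:00:00:00:00:99",
}


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    encrypted: bool


def classify(beacon: Beacon) -> tuple:
    """Return (verdict, findings) for one observed beacon."""
    bssid = beacon.bssid.lower()
    findings = []
    if bssid in AUTHORIZED:
        # A managed AP is checked against the deployment standard.
        if beacon.ssid != CORP_SSID:
            findings.append("wrong-ssid")
        if beacon.channel != AUTHORIZED[bssid]:
            findings.append("wrong-channel")
        if not beacon.encrypted:
            findings.append("unencrypted")
        return ("managed", findings)
    # An unmanaged AP is a rogue if it is plugged into the wired LAN or
    # advertises the corporate SSID; otherwise it is a neighbor's AP.
    if bssid in WIRED_MACS:
        findings.append("on-wired-lan")
    if beacon.ssid == CORP_SSID:
        findings.append("uses-corp-ssid")
    return ("rogue" if findings else "neighbor", findings)


def survey(beacons) -> dict:
    """Map BSSID -> (verdict, findings) for every beacon needing action."""
    report = {}
    for beacon in beacons:
        verdict, findings = classify(beacon)
        if findings:
            report[beacon.bssid.lower()] = (verdict, findings)
    return report


# Constructed sample of beacons seen during one scan.
SAMPLE_BEACONS = [
    Beacon("02:00:00:00:00:01", "CorpNet", 1, True),       # compliant
    Beacon("02:00:00:00:00:02", "CorpNet", 3, True),       # moved channel
    Beacon("02:00:00:00:00:03", "default", 11, False),     # reset to defaults
    Beacon("02:00:00:00:00:99", "linksys", 6, False),      # plugged into LAN
    Beacon("02:00:00:00:00:AA", "CorpNet", 6, False),      # copies the SSID
    Beacon("02:00:00:00:00:BB", "CoffeeShop", 11, False),  # neighbor
]

if __name__ == "__main__":
    for bssid, (verdict, findings) in survey(SAMPLE_BEACONS).items():
        print(f"{bssid}  {verdict:8s} {', '.join(findings)}")
```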


Lab Alliance

Snyder and Thayer also are members of the Network World Lab Alliance,
a cooperative of the premier testers in the network industry, each
bringing to bear years of practical experience on every test. For more
Lab Alliance information, including what it takes to become a partner,
go to www.nwfusion.com/alliance. Other members: Mandy Andress, ArcSec;
John Bass, Centennial Networking Labs, North Carolina State
University; Travis Berkley, University of Kansas; Jeffrey Fritz,
University of California, San Francisco; James Gaskin, Gaskin
Computing Services; Greg Goddard, EDS; Thomas Henderson, ExtremeLabs;
Miercom, network consultancy and product test center; Christine Perey,
Perey Research & Consulting; Barry Nance, independent consultant;
David Newman, Network Test; Thomas Powell, PINT.


■ CAREER DEVELOPMENT

Implementing  ITIL 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 

The  state  of  Michigan’s  gradual  rollout  of  ITIL’s  best  practices  has  eased  growing  pains. 

Cataloging  change 

“Too often, IT departments become their own worst enemies,” McDonough
says. “Something breaks and we fix it, and then that fix breaks
something else. We wanted to formalize the process so we’re not trying
to upgrade a server at the same time someone else is trying to back it
up.”

The Michigan team found in one case that on-call staff were repeatedly
— albeit promptly and efficiently — fixing a server that consistently
lost connectivity during the night, which pushed up the state’s
overtime bill. But because there was no consistent way to capture this
data and identify a persistent problem, the root cause of the
disconnections was never addressed.

ITIL-based problem resolution identified the cause and created a
permanent fix. The state is saving thousands of dollars just in this
one case, McDonough says. As yet, there are no overall savings
estimates, but ITIL has dramatically reduced the number of changes
gone bad. All changes now are scheduled and visible, and changes are
only approved if they have a “back-out plan” — a process for restoring
the system to its original state if the change fails for any reason.

Because ITIL focuses on best practices, it lends itself to an approach
of small steps. One of McDonough’s first small steps was forming a
cross-disciplinary team of IT workers. The goal was to create what he
calls a “consistent baseline” — a standard description of the current
processes in the IT department. He focused on incidents or events that
affect the quality of a given IT service, such as e-mail, and on
problems, which ITIL defines as recurring incident patterns.


■  BY  JOHN  COX 

How do you convince your network and IT professionals to adopt “best
practices” when they think they already have them? Simply,
selectively, realistically and patiently, says Robert McDonough, IT
manager for process development and support for the state of Michigan
in Lansing.

“There’s only so much change you can inflict on folks at any one
time,” McDonough says.

Last January, the state’s 2,000-person IT department began using parts
of the IT Infrastructure Library (ITIL). ITIL is a set of best
practices meant to ease IT management pain by creating uniform,
well-documented processes for tasks such as problem identification and
resolution, hardware or network changes, software updates and disaster
recovery.

But ITIL lacks a set of best practices for its own adoption, so
McDonough’s team worked out their own.

“We were trying to change the culture,” he says. “We started out with
the idea of learning a common language [for IT processes]. That let us
insert ITIL in a manageable way.”


“ITIL will say, ‘Here are the best practices for organizing this
process, here’s what you need, who you need, and here’s how
information should flow between the various people and groups,’” says
Jean-Pierre Garbani, vice president at Forrester Research. “You can
start with this and then adopt or adapt ITIL to other processes in the
IT group.”


ITIL adoption

Long used in Europe, ITIL best practices for IT service management are
gaining converts stateside.

Interest in ITIL:

Actively implementing: 18%
Evaluating/pilot stage: 12%
Following a wait-and-see approach: 12%
Don’t know much about ITIL: 29%

*Total exceeds 100 because of rounding.

SOURCE: SUMMIT STRATEGIES

The ITIL terminology gave the Michigan team a common language and set
of concepts, which was the foundation for the next step: looking at
the gap between current practices for a given process and those ITIL
recommends.

Adopting ITIL calls for realism and diplomacy. “You’re asking someone
to work differently,” says Loy Allen, leader of global infrastructure
services consulting for Perot Systems. “This isn’t just about
processes and tools, but the people who use them. That’s almost always
the most challenging part.”

To deal with that challenge, McDonough’s group came up with the idea
first of “ITIL Lite” and then “ITIL Ultralite.”

In both cases, the idea was to take the ITIL elements most relevant to
the state IT group’s challenges — incident, problem and change
management. “We wanted to avoid push back,” McDonough says.

So for example, instead of collecting all the data for an ITIL
“problem record,” the Michigan record has just three parts:
description of the incident, results of the root cause analysis and
the proposed solution. Rolling out Ultralite went smoothly, and the
team has added more elements so that the IT department is now almost
at the Lite version. This brings in a greater emphasis on
configuration management.


High-level  help 

Winning high-level support is a vital part of a successful and
sustained ITIL implementation, says Steve Day, a business development
manager at Pink Elephant, an ITIL consultancy. “We get the executives
in a room on Day 1 and tell them what we’re doing, and why to get
their buy-in,” he says.

For McDonough, that level of backing coalesced near the end of the
three-month rollout. The ITIL team built some Web pages that showed a
status board of all IT incidents reported, the completed and pending
responses, and the status and schedule of all changes. These pages are
the heart of the ITIL-inspired daily 7:30 a.m. conference call. “A lot
of problems can be resolved right there,” McDonough says.

Operations staff select a subset of the key changes that need to be
seen by executive management outside the IT group and move these to a
separate Web board, with summaries written plainly for a nontechnical
audience. Sometimes, that audience includes the governor.


U.S. membership in the IT Service Management Forum nearly tripled in
the past three years, from 550 members to about 1,600. And the number
of local chapters tripled in the past year to 20.

Persuading IT to embrace ITIL can build on existing strengths in
existing processes and professionalism. “There is no view in the ITIL
community that ‘it’s all ITIL or nothing,’” says James Kerrigan,
business development manager for FoxIT, a consulting company that also
specializes in service management. “Strong existing processes can be
plugged into ITIL.”

So can strong IT staff. “These folks are very interested in delivering
good service to their clients,” McDonough says. “Telling them ‘you
guys aren’t doing a good job’ just won’t cut it. You sell ITIL in
those terms: to bring better value to the client or customer.”





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www.nwfusion.com 


MAKKt I PLA 


EMERGING  MAR 


lOOM  mm  vs  is 


:do.i  Rnavsis 


no  Si&fiRt 


Choose  a  network  analyzer  that  puts  you  in  the  driver's  sea 


loot!  RORIVSIS 


j|g»  w&mm  _ . , 


FORESIGHT 


CRPREiTv  PLRnnmG- 


Stacking  Racks 


Server  Racks 


BCPRESS 


H3eC[!MR*mt 


Tel:  408.727.1122 
Fax:  408.727.8002 


technologies,  inc. 


SANTA  CLARA,  CA  9  5D54 
INFD@RECURRENT.COM 


WWWiRECURRENT.COM 


INSTRUMENTS 


i-.  - 


How  much  does  your  network  analyzer  s  • 


Observer  is  the  only  fully  distributed  network  analyze .  built 
to  monitor  the  entire  network  (LAN,  802.1  la/b/g,  Giga  bit, 
WAN).  Download  your  free  Observer  10  evaluation  today 
and  see  how  Observer  puts  you  in  the  driver's  seat  with  more 
real-time  statistics,  more  in-depth  analysis  and  more  network 
advantages  than  ever  before.  Choose  Observer. 


-CRPRC  i  tv  PLRnn  i  RG-  Determine  how  much  bandwidth 
your  router  will  need  based  on  historical  usage  patterns  with 
Network  Trending. 


-FORES  i  Ght-  Predict  how  network  changes  will  affect 
your  response  times  with  "What-lf 1  Modeling  Analysis. 


-no  SiGRRi-  Find  rogue  access  points,  monitor  access 
point  load  and  scan  wireless  channels  continuously  with  over 
50  WLAN  Expert  Conditions. 


US  &  Canada 


toll  free  800.526.5958 
fax  952.932.9545 


UK  &  Europe  +44(0)  1959  569880 

www.networkinstruments.com/analyze 


79,507  SIZES.JN  STOCK! 


19”  Racks 
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Cube 


A  New  “Patent  Pending”  Rack  Design 

Assemble  Any  Size  Rack  Using  Only  3  STOCK  Parts 

Choose  any  width,  depth,  &  height  of  dual-tapped  E.I.A.  rack 
rail  from  one  of  43  sizes  in  1-3/4”  rack  unit  increments.  Ships 
knocked-down  in  3  small  cartons.  Build  all  kinds  of  neat  stuff ! 


4 RU 13” Deep - $159.85
43 RU 30" Deep - $264.85
Shop Online

www.starcase.com/rack.htm
(800)822-STAR (7827)

(800)782-CASE


Systems/Features/Memory 


CISCO 


GBICs/Cables/Parts


Also  Available:  Extreme,  Adtran 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 


The  # 1  Network  Remarketer 

952.835.5502

Fax 952.835.1927 www.comstarinc.com


Climate Monitor

$389

Ethernet/Web 

Rack  Mounted 

Temperature 

Monitor  Multiple  Cabinets 

Air  Flow 

Humidity

HTML  (no  client  needed) 

Door  position 

SMTP (e-mail alerts)

Sound 

SNMP  (MIB,  Traps) 

Light  Level 

Graphing 

Power 

Console 

Video  optional 

16  external  sensors 

IT Watchdogs

See  it  working  at: 

www.ITWatchdogs.com 

http://63.237.104.17 

512-257-1462 

www.smcplus.com/tips 



Unique  technical  furniture 
solutions  at  your  fingertips 



Total  Solutions  in  >  enterprise  enclosures 

>  network  operations  centers 

>  monitoring  &  management  control 

Log on for free "Practical Guide to Cooling"


Technical  Furniture  Solutions 


PO  Box  431  •  Conklin,  NY  13748 
1  -800-SMC-PLUS  •  www.smcplus.com 
A  wholly  owned  subsidiary  of  Fisher  Hamilton,  LLC 


Instantly  Search  Gigabytes  of  Text  Across 
a  PC,  Network,  Intranet  or  Internet  Site 


Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD 


dtSearch


♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  &  PDF  while  displaying  embedded 
links,  formatting  &  ffnPOTiH 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


dtSearch 


"Industrial-strength ... superb" - PC Magazine



dtSearch  Reviews... 

♦  “The  most  powerful  document  search  tool  on  the  market” 

—  Wired  Magazine 

♦  “Intuitive  and  austere  ...  a  superb  search  tool”  —  PC  World 

♦  “Blindingly  fast”  — Computer  Forensics:  Incident  Response 

Essentials 

♦  “A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 

♦  “Covers  all  data  sources  ...  powerful  Web-based  engines” 

—  eWEEK 

♦  “Searches  at  blazing  speeds”  —  Computer  Reseller  News 

Test  Center 


dtSearch developer or multi-user licenses in the past two years


YOU WANT COMPLETE VISIBILITY.


MAKE  IT  HAPPEN. 

Remote  Monitoring  Solutions 

RMON and HCRMON Probes

You  want  remote  monitoring  solutions  for  visibility  into  every  part  of  your  network.  With 
RMON  and  HCRMON  Probes  from  Network  Instruments,  it’s  easy.  Convert  any  PC  into  a 
complete  remote  network  monitoring  data  collection  device.  Use  the  RMON  appliance 
(available  in  1U  and  4U  systems)  for  a  full  turn-key  solution.  Call  800-526-7919  for  more 
information  or  visit  our  website  at  www.networkinstruments.com/RMON. 


• Full compliance with RMON1, RMON2 and HCRMON

• High capacity RMON Probes provide full-duplex Gigabit
capture compatible with any RMON management console or
collection facility (Observer®, OpenView, Concord®,
NetScout, Micromuse™)

• Complete, industry standard, software-based probes for
Windows 2000/XP

• Software based, non-dedicated data collection

• Compatible with Network Instruments’ optimized ErrorTrak™
NDIS drivers, which display true errors-by-station.


One  Network  Complete  Control 

Wired  to  Wireless  •  LAN  to  WAN 



US  &  Canada:  (952)  932-9899 

Toll  free:  (800)  526-7919 

UK  &  Europe:  +44  (0)  1959  569880 


www.networkinstruments.com/RMON 
© 2003 Network Instruments, LLC. All rights reserved. Network Instruments, Observer, ErrorTrak and the Network Instruments logo are trademarks
or  registered  trademarks  of  Network  Instruments,  LLC.  All  other  trademarks,  registered  or  unregistered,  are  sole  property  of  their  respective  owners. 


Reading  someone 
else's  issue  of 

NetworkWorld? 

Subscribe  today  and  receive  your  own 
1-year  subscription  for  FREE 

a  $129.00  value! 

Go  to  http://subscribenw.com/mynw  for  your  free  subscription. 
FIBER OPTIC SOLUTIONS


• T1/E1 & T3/E3 Modems

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO-9001 

•  USB  Modem  and  Hub 


Toll Free 866 SITech-1
630-761-3640, Fax 630-761-3644
www.sitech-bitdriver.com  or  www.sitechfiber.com 


Luggage,  Fine  Leather  Goods, 
Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo, 
Samsonite,  Cross 
10%  discount  for  Network 
World  readers 
Enter  code  NWW2004 
IT Careers: ITAA Report Pinpoints 2004 Hiring Trends


If  it  feels  like  there's  even  more  competition  for  even  fewer 
jobs,  you're  right.  According  to  the  2004  Workforce 
Development  Survey  from  Information  Technology 
Association  of  America,  hiring  managers  will  recruit  just 
under  230,000  IT  professionals  this  year.  That's  down  from 
2003  when  500,000  IT  workers  were  hired  with  a  net 
increase  of  approximately  200,000  new  jobs. 

The  ITAA  report  echoes  the  latest  forecast  from  tech  hiring 
firm  Robert  Half  &  Associates.  The  Robert  Half  survey  of 
1,400  chief  information  officers  reports  a  fourth-quarter 
hiring  increase  of  1%. 


What  They're  Looking  For 

According  to  the  ITAA  report  and  despite  repeated  focus  by 
CIOs  on  a  blend  of  educational  and  business  capability,  the 
most  important  requirements  for  landing  a  job  in  2004  are 
related  job  experience  and  a  four-year  degree.  The  hiring 
managers  also  identified  certifications  and  other  on-going 
learning  as  tickets  to  consideration.  For  the  first  time,  the 
managers  also  pointed  to  interpersonal  skills  as  critical  in 
landing  a  job  -  more  important,  in  fact,  than  team  building 
and  program  leadership. 


Despite  the  continued  trend  of  holding  the  line 
on  cost  and  productivity,  the  500  hiring 
managers  polled  by  ITAA  in  its  annual  survey 
did  have  sound  advice  and  data  to  help  IT 
professionals  look  at  their  own  career  plans. 


*2004 IT Workforce: Job Categories as a Percentage of Total IT Workforce

Web Development: 9%


What's  Driving  the  Hiring 

Varied  trends  are  driving  the  hiring  for  2004. 

They  include  the  opening  of  entirely  new 
markets  for  IT  products  and  services.  Opening 
India,  China,  Africa  and  other  countries  to 
technologies  will  require  newly  defined 
products  that  meet  requirements  for  harsher 
environments  -  from  lack  of  electricity  to 
illiteracy.  At  the  same  time,  there  are  strident 
requirements  on  cost  as  the  developing 
countries  need  technology  that's  inexpensive 
and  easily  used.  Other  trends,  identified  by  ITAA,  include 
the  need  to  push  technology  to  do  more  for  business  and 
for  everyday  living,  new  quality  and  value  expectations, 
methods  to  simplify  increasingly  complex  capabilities,  and 
new  demands  for  national  and  business  security. 


Network Systems: 7%
Digital Media: 7%
Technical Writing: 5%
Programming: 20%
Database: 10%
Enterprise Systems: 11%
Other: 12%


Specifically,  software  programmers  and  engineers  continue 
to  make  up  the  biggest  segment  of  the  job  market. 
However,  the  largest  increases  in  hiring  come  in  other  areas 
-  technical  support,  network  systems,  and  database 
development and mining. The hiring managers report that
tech support, long the focus of outsourcing, includes
everything  from  call  center  support  to  installation  of  new 
equipment  and  systems  to  replace  aging  technology. 

Where  the  Jobs  Are 

Just  as  important  as  the  right  mix  of  skills  and  personality 
is  the  ability  to  go  where  the  jobs  are.  The  ITAA  workforce 
survey  found  that  hiring  and  IT  populations  continue  to 
move  across  the  country,  bridging  the  two  coasts. 

The  South,  as  a  region,  has  the  most  IT  workers  with  3.1 
million.  In  2004,  companies  in  the  South  expect  to  hire 
71,199  additional  IT  professionals.  The  Midwest 
follows  closely  with  hiring  managers  planning 
to  bring  on  60,413  workers. 

While  the  geographic  mix  is  fairly  strong,  so  too 
is  the  mix  of  types  of  businesses  and  services 
that  are  hiring.  According  to  the  ITAA  survey  72 
percent  of  the  jobs  will  be  found  in  small 
business  versus  mid-sized  or  large  companies. 
And  just  under  80%  of  the  jobs  will  be  in  non- 
IT  companies. 

Technical Support: 19%

*Source: ITAA "Adding Value... Growing Careers Annual Workforce Development Survey," 2004


For  more  information  about  IT  Careers  advertising, 
please  call:  800.762.2977 
SENIOR WEB DEVELOPMENT ANALYST

ADT Security Services, Inc. has an opening in Boca Raton, Florida for a Senior Web Development Analyst.

Analyze business procedures and problems to develop specifications and convert them to programmable form for electronic data processing. Confer with organizational units involved to determine specific web output requirements. Study existing data systems to evaluate effectiveness and develop new, or modify current, web systems to improve production workflow.

Must possess at least a bachelor's or its equivalent in Computer Science or a related field, and relevant work experience. Experience must include Oracle, SQL and WebSphere Administration.

Resume and/or cover letter must reflect each requirement above and specify reference code SWDA/ZFIS or it will be rejected.

Forward resume to Theresa Maia, ADT Security Services, Inc., One Town Center Road, Boca Raton, FL 33486.


Tryarc LLC has openings for Software Engineers in CA w/ at least 2 yrs of exp. Job Duties: Analyze, dvlp, dsgn, test and implmt software applns using Eclipse, VSS, ANT, XDoclet, JSP, EJB, WebLogic, Tomcat, CVS, Oracle and Rational Rose on Windows platform, and Struts Framework based on multi-tier and MVC architecture. Reqs: Master's degree or equiv. in Engg. or Comp. Sci. A bachelor's degree with at least 5 yrs. of exp. is acceptable. Exc pay & benefits. Fwd resumes with proof of work status to: jobs@tryarc.com.


Software Engineer, Portsmouth, NH: Design, develop, test and document EAI, B2B, B2C and Windows Applications utilizing ASP.NET, VB.NET, C#, Biztalk Server 2002, Attunity Connect, Commerce Server 2002, Content Management Server 2002, Java, JSP, JavaScript, VBScript, Visual Basic, XML, XSL, DHTML, HTML, COM and DCOM in Windows 2000 Server and Unix environment. Analyze user requirements and write design specification documents. Utilize SOAP, XML/XSL techniques for EAI Applications. Write Stored Procedures and Triggers. Perform data migration, schema design and create database objects in databases such as Oracle, SQL Server and AS/400. Assist in the preparation of technical manuals, oversee custom installation of software products and provide technical support. Masters or Foreign Eqvlt. in Comp. Science or Engg or Related and one year of exp. in the job offered. $83,500/-yr, 9am-6pm, 40hrs/wk. Send two copies of resume/letter of application to Job Order # 2004-445, PO Box 989, Concord, NH 03302-0989.


SAP Business Systems Analyst. Thomson, Inc. is seeking an SAP Business Systems Analyst to consult with clients regarding SAP software systems, provide SAP analysis, redesign, and configuration of clients' business procedures, policies, and processes, and act as liaison between the application developers and the business community to define business and system requirements. Must have 4 years of experience in SAP consulting and configuration. Send cover letter and resume to: Betty Moreno-Silva, Manager, Human Resources, Thomson, Inc., 3233 East Mission Oaks Boulevard, Camarillo, CA 93012. Please reference Job #AMM in your cover letter.


Omnisoft, Inc.

Software Engineers: Research, design, develop, analyze, test, and recommend software requirements for E-commerce database applications as well as develop and perform database maintenance for automobile and insurance industry clients. Use object-oriented programming using Oracle, Java, Perl, XML, Solaris, WebLogic, C++ and current Web Technologies in Windows, Unix, and Linux environments. Need Bachelor's Degree in Computer Science or related and 2 years of experience. Programmer Analysts: Design and develop Enterprise Resource Planning, Customer Relationship Management, ASP, Datawarehouse applications. Use current web technologies, web services, Stored procedures and SQL. Work in Unix Environment and Unix Shell Scripting. Need 2 years of experience in relevant field.

Send resume to: HR Manager, Omnisoft, Inc., 2215 W. Russell Ave. Sioux Falls, SD 57104 or via e-mail at: hr@omnisoftinc.net


Programmer Analyst - Java:

Wanted by an IT consulting firm in Keene, NH to work at various client locations throughout USA. Respond to HRD, Infowave Systems, 39 Central Square, Suite #201 A, Keene, NH-03431

Requires: Bachelor Degree in Computer Science or related field and one year experience. In the alternative will accept applicants with three years of university level education plus three years of experience performing analysis, development and testing of enterprise web applications. Primary experience must incl working with technologies such as J2EE, XML suite, BPMS, Shell scripts, RDBMS Design, Development and Tuning, Middleware on UNIX.


NE OH Software Co. seeks Software Eng. I to assist w/in designing/developing computer sys; apply principles and tech. of computer science, engineering, and mathematical analysis; analyze software req. to determine feasibility of design and to customize Web and Workflow Solutions at different customer sites. Design/implement customer solutions utilizing the application package developed with technology such as OnBase API, VB, JavaScript and Crystal Reports. Bachelor's degree in Information Systems or equiv. and 3 mos. exp. in job / job related req. exp. must include work with Visual Basic/VB .net programming exp. req.; ASP/ASP .net exp.; SQL (Oracle, Sybase, DB2, MS Access, MS SQL Server), HTML, JavaScript, ASP, PHP, Korn Shell Script, UML req. Resumes: H.R. Dept., TH 04, 28500 Clemens Road, Westlake, OH 44145 or email to nova.slusa@onbase.com. No calls. EOE.


Oracle Clinical Consultant to plan, design study in Oracle Clinical 4.0; develop DCMs, remote data entry screens, DCIs etc; design, develop validation procedures using PL/SQL in Oracle Clinical's validation module; develop SAS, SQL views using TOAD, SAS, Oracle Clinical; perform CRF designing, database building, randomization, query resolution, reporting, subject randomization algorithms using Oracle Clinical, Normlab, SAS, SPSS, Adobe Framemaker. Require: MS in CS, Computer Engg or Statistics and 6 months exp in Oracle Clinical, SAS. Competitive salary, F/T, travel involved. Resumes to: Scott Bryant, Judge Technical Services, Inc., 3 Davol Square, Suite 3A, Providence, RI 02903.


IT PROFESSIONALS
Manager

(Glen Mills, PA and other locations throughout the United States). Perform applications development and systems integration work utilizing Oracle E-business suite, middle ware technology and third party systems, including Web Application, Data Warehouse and legacy systems for major corporate clients in diverse industries. Engage in Software Evaluation, process reengineering, vendor planning, conceptualizing, and envisioning advanced technology solutions to meet the business needs of clients. Responsible for the delivery, implementation and support of Oracle ERP Applications modules as well as the design and development of the Custom Interfaces including receivables TCA Architecture, Accounts Payable (AP), Accounts Receivable (AR), Order Management (OM), Install Base, Service Contracts and enabling Check and Invoice printing through Oracle Payables. Oversee the data conversion from the disparate systems, identify and make tuning recommendations for the performance issues related to Oracle relational database. Involved in defining the Standards for coding, error messages, performing the code reviews and ensuring the quality control of the deliverables. Participate in various practice development activities, including conducting technical screens, preparing presentations, mentoring consultants and less experienced Senior Consultants.

$81,600/year. Mon-Fri 9:00am-5:00pm. The minimum requirements are as follows: Bachelor's degree or equivalent in Computer Science, Engineering (any type), Information Systems or Business Administration plus 4 years of experience in the job offered or 4 years of experience as a Senior Consultant, Consultant, Senior Systems Engineer or Programmer Analyst. Employer will regard a foreign degree to be equivalent to a U.S. Bachelor's degree as determined by an accredited credentials evaluation service. Related experience must include at least one year with Oracle ERP, including TCA architecture, Accounts Receivable (AR), Accounts Payable (AP), General Ledger (GL), Order Management (OM), PL/SQL, Data Warehousing and Middle Ware Technology.

Please send your resume, referencing Job Order Number WEB456503 to the: PA CareerLink, 701 Crosby Street, Suite B, Chester, PA 19013. EOE.


Computers

Director of Consulting (Professional) Services

Manage and develop the Professional Services Department for specialized software company. Min. MS/or equiv. mathematics/computer science / 4 years project, personnel, operations mngt for orgs of more than 7 persons. 4 yrs. exp. document mngt, digital imaging, and Microsoft .NET. Job site: Readsoft, Inc., Metairie, LA 70002 (apply staffing-us@readsoft.com).


Computer Support Specialist - provide tech assist, troubleshoot, security, train'g & support in networked web enabled business & software (Webtrends, Livestat) us'g VB, HTML, ASP, VB & Java Script & Cold Fusion. Investigate & resolve user's soft/hardware probs. Answer inquiries re & assist w/applics, print'g, word process'g, programm'g languages, e-mail & operat'g systms. Plan, implemt & admin info systms & back up & recovery strategies. 35 hrs. 2 yrs coll (Info Tech) + 2 yrs exp in job offd reqd. Fax resume & salary reqmts to (703) 952-0244, Attn: H R. Reimers Systs.
IT PROFESSIONALS
Consultant

(Glen Mills, Pennsylvania and other locations through the U.S.). Involved in the analysis, development and implementation of systems, or business processes by utilizing technical expertise and knowledge of public sector industry as well as state and federal regulations, including the design of enterprise level Health and Human Services Systems. Utilize large systems development lifecycle experience to build and implement 3-tier client/server application systems. Perform needs assessment and fit/gap analysis between client requirements and existing functionality, and create technical documentation. Create detailed system design specifications for program objects, and system / technical requirements (business processes, infrastructure, interfaces, reports, enhancements, and/or conversion). Develop 3-tier client/server application systems using Powerbuilder, Visual Basic and Visual Basic Script with Oracle or DB2 back-end. Create test data and write test scripts and scenarios. Design, develop, test and implement interfaces between multiple enterprise level systems. Perform data conversion from legacy to enterprise systems. Create design specifications for conversion programs, develop and test conversion programs and scripts and assist in manual conversion. Create large-scale transactional processing systems utilizing relational databases for data storage.

Salary $75,000 per year. Mon-Fri, 9:00 am to 5:00 pm. The position requires: Bachelor's degree or equivalent in Engineering (any), Computer Science, Math, Business Administration or Information Systems + 2 years of experience in the job offered or 2 years of experience as a Systems Analyst, Consultant Research/Graduate Assistant, Network & Web Server Admin. Related experience must include at least 1 year of consulting experience in Public Sector industry including State and Federal regulations, design of enterprise level Health and Human Services Systems; detailed system design specifications for program objects; and large systems development lifecycle; Powerbuilder; DB2; and 3-tier client/server application development.

Please send your resume or C.V., referencing Job Order Number WEB458827 to the: PA Careerlink, 701 Crosby Street, Suite B, Chester, PA 19013-6096. EOE.


PROGRAMMER/ANALYST

Werner Enterprises, Inc.

Duties: Design, program, maintain and support web-based and Geographic Information Systems (GIS) solutions using advanced object-oriented programming skills with current web technologies and knowledge of GIS layer, asset management and positional tracking technologies.

Education & Training: Bachelor's degree in Computer Science, MIS or a related field.

Experience: Two (2) years experience in programming/web application development using GIS and J2EE technology. Requires working knowledge of HTML, Java, Cold Fusion MX and Flash MX.

Hours & Wages: 40 hours/week; $56,100/year.

Reference: Persons interested in this position may send correspondence to:

Christina Boyer-Hutfless
Werner Enterprises, Inc.
14507 Frontier Road
Omaha, NE 68145-0308

Please reference Code # KAR001.

Position is located in Omaha, Nebraska. No assistance with relocation expenses is offered by the Company. Applicant must have proof of legal authority to work in the United States.

SR. PROGRAMMER/ANALYST (WEB)

Werner Enterprises, Inc.

Duties: Participate in requirements gathering, analysis, design, modification, development, implementation and testing of software programming application; participate in code reviews; and, provide some mentoring to junior developers on techniques and processes.

Education & Training: Bachelor's degree or foreign equivalent in computer science or a related field.

Experience: Two years development experience in a corporate environment. Also requires in-depth corporate experience in Cold Fusion MX, Java Script, HTML, DHTML, SQL and IIS.

Hours & Wages: 40 hours/week; $65,000.00/year.

Reference: Persons interested in this position may send correspondence to:

Christina K. Boyer-Hutfless
Werner Enterprises, Inc.
Post Office Box 45308
Omaha, NE 68145-0308

Please reference Code # SAM001.

Position is located in Omaha, Nebraska. No assistance with relocation expenses is offered by the Company. Applicant must have proof of legal authority to work in the United States.

Database Administrator: Code, design and implement and Oracle database applications in Unix and NT environment; design, schedule and automate backup and recovery procedures; monitor and troubleshoot new Oracle releases; tune and optimize database performance; mentor peers in PL/SQL programming, Unix K-shell scripting and database concepts; design, build and administer Datawarehouse system. Must have administration/development experience in Oracle, datawarehouse design/administration in healthcare industry, PL/SQL, UNIX (Tru 64 & AIX), Oracle Portal, NT operating systems and Unix shells scripts, Java Microsoft Office applications. Oracle DBA Certification and BS in Information Systems or related field plus 6 years exp., or MS in Information System and 4 yrs. related experience. Prevailing wage and benefits. AA/EOE. Send resume to Children's Hospital, 1600 7th Avenue S, Birmingham, Alabama 35233.

Computer & Information Systems Manager to analyze multiple versions of financial business software to oversee projects involving the programming, coding, and testing of the entire life cycle of ProStaff resource scheduling software to insure customized business software conforms to end users business policies and informational requirements. Uses Visual Basic, ASP, and SQL as the back end to modify, install, and support customized ProStaff software to insure proper functioning in various platforms, develops real time on-line reporting functionality for users, and insures secure access to sensitive information by end users. Requires Bachelor's Degree in Management Information Systems or Information Systems Management. Also requires education to include completion of coursework in Project Management, Business Policy and Business Finance. Send resumes only, no calls, to: Jeffrey L. Kupiec, Taylor Made Software, Inc., 28 E. Jackson, Ste 1501, Chicago, IL 60604.

Senior Systems Engineer/Product Specialist wanted to meet with senior mgmt. at customer sites to design solutions for customers involving company products; provide Pre-/Post-sales tech. support for commercial & product activities; prepare tech. responses to RFI's, RFP's & RFQ's; provide support for product mgmt. in definition of product reqts. & direction & roadmap presentations to U.S. customers; support new business educ. & workshops; act in consulting role for select customers in relation to site configurations, product applications & services, & project reqts.; perform investigative analysis on capacity & perf.; act as an expert in all areas of software test process with common core products; provide suitable product branding & marketing presence; provide support & direction to development, test, open issues & site; use past operational knowledge to assist current Operations in configuration issues, network specific issues based on Telecom standards incl. GSM, TDMA, CDMA; provide assistance in emerging Telecom Packet-switched data technologies such as GPRS & 1xRTT; act as Multi-Media Messaging center (MMSC) Primary contact for the Americas region, resp. for defining product reqts.; work with standards bodies to ensure that MMS technology is successful in the U.S.; work with handset vendors to ensure that handsets are MMS capable; work with handset apps. providers on BREW, J2ME & PocketPC Phone Edition providing functionality reqts. to enable successful MMS implementation; support Operations team on tech. escalations in IP networking, Oracle 8i, LDAP, HP-UX, Informix, Ingres, Opencall, Solaris. Must have Bach. Deg. in Comp. Sci., Elec. Eng. or related field & 3 yrs. Eng. Exper. in the Telecom sector working with customer, Signaling & IP networks, incl. exper. with GSM, TDMA, CDMA, SS7 & UNIX. Salary $92,005/yr. Send 2 resumes to Case#200300272, Division of Career Services, Labor Certification Unit, 19 Staniford St., 1st Fl., Boston, MA 02114.


Senior Quality Assurance Engineer to test web-based business and financial applications. Develop formal test plans, document software bugs, and conduct regression tests. Develop and execute test scripts. Utilize knowledge of business and financial products and software to write and produce test scripts. Organize and implement functional quality assurance schedule. Utilize quality assurance tools and methodologies. Generate scripts for automation with WinRunner and QTP using JavaScript and VBScript. Requires Bachelor's or equivalent in Computer Science, Engineering, Mathematics, or Physics plus three (3) years experience in Job Offered OR three (3) years experience in application development. Candidate must also possess demonstrated expertise in web development using HTML, JavaScript and C++ including development of Oracle database interface with Webserver; demonstrated expertise in Project Management, including QA life-cycle, test plan development and scheduling, and automating test scripts using WinRunner and QTP; and demonstrated expertise in testing Secure Server Authentication and Authorization Systems for online financial transaction processing systems. Salary: $85,385/yr, M-F, 9AM-5PM. Send 2 resumes to Job Order #2004-348, P.O. Box 989, Concord, NH 03302-0989. EOE. Applicants must be workers eligible to accept full-time employment in U.S.


Prog  Analyst  to  work  with  Docu- 
mentum  4i/5i  products  including 
WebPublisher,  WebCache,  Ap- 
pln  Builder,  DFCs,  DQL,  WDK, 
W/kflows,  Lifecyles,  ACL's,  Ob¬ 
ject  models,  WebPublisher  cus- 
tomizations  and  configurations. 
Create  custom  Java  methods  on 
Documentum  eContent  Server, 
build  applns  w/  WDK.  Documen¬ 
tum  Admin  activities,  security  & 
user  mgmt.  Build  J2EE  applns. 
u/sg.  Jakarta  ANT  build  tool  & 
imp.  J2EE/Object  Oriented  d/zn. 
patterns  like  MVC,  Struts,  Sing- 
elton  Patterns.  Dev.  custom  in¬ 
terfaces  u/sg.  Java,  WDK  & 
DFC.  Create  SQL  Scripts,  stor¬ 
ed  procs.  on  Oracle  8i  &  SQL 
Server  7.0.  Create  XSL  styles¬ 
heets  &  perf.  XML  transformns. 
Utilize  IDEs  like  Visual  Age  3.5/ 
4.0,  Visual  Cafe  3.1,  JBuilder- 
3.0,  Front  Page  2000,  Dream¬ 
weaver  5.0,  ColdFusion,  Allaire 
Home  Site  4.5.1.  Web  develop¬ 
ment  using  Java,  JSP,  Servlets, 
HTML,  DHTML,  XML/XSL,  OR¬ 
ACLE/SQL  SERVER, and  Java¬ 
Script.  BS  in  Electronics  or 
Electrical  Eng  +  2  yrs.  exp  in 
duties.  Apply:  BCA-  Code  PS, 
2002  Perimeter  Summit  Blvd, 
#880,  Atlanta,  GA  30319  w/proof 
of  perm.w/k  authzn. 


Silicon  Laboratories  Inc.  is  hir¬ 
ing  for  the  following  positions: 
RF  Mixed-Signal  Design  Engr 

-  Design  RF  ICs  for  consumer 
elect,  wireless  commun.  equip, 
from  design  capture  &  layout  to 
testing  &  eval.  of  prototype.  Min. 
req:  MSEE  or  BSEE  +  5  yrs  exp 
in  integrated  circuit  dev. 

Circuit  Design  Engr  -  Design 
analog  &  digital  circuits  for  data 
conversion  &  commun.  apps. 
Min  req:  MSEE  or  BSEE  +  5  yrs 
exp  in  integrated  circuit  dev. 

Openings  in  Austin,  TX  and 
Nashua,  NH. 

Complete  job  descriptions  at 
www.silabs.com/careers.  Send 
resume  to  jobs_er@silabs.com 
or  HR  Dept.  4635  Boston  Lane, 
Austin,  TX  78735.  NO  IN  PER¬ 
SON  APPLICATION. 


Programmer  Analyst 

Analyze,  architect,  develop,  inte¬ 
grate  SAP  Enterprise  Portal, 
BSP,  PC-UI,  SAP  E-Selling  and 
E-Service  using  Java,  JSP,  AB- 
AP,  Netweaver,  VB.NET,  XML, 
Web  Services,  Rational  Rose, 
J2EE,  and  EAI  technologies 
using  database  in  Oracle  and 
SQL  Server.  Req.  Bachelor's  in 
Computer  Science  or  Engg.  or 
related  field  and  2  yrs  of  exp. 
Send  Resume  to:  HR.  Indus 
Valley  Software  Consulting,  Inc. 
3333  Warrenville  Rd.,  Suite  200, 
Lisle,  IL  60532.  E-mail: 
chicago@ivsconsulting.com 


Senior  Network  Engineer.  Job 
Site:  Raleigh,  NC.  Analyze, 
design  &  develop  advanced 
routing  and  VoIP  development 
for  Linux  based  system. 
Analyze,  design  &  integrate  net- 
work/internet/  VoIP  protocols 
and  services  such  as  ATM, 
10/100  Ethernet,  TCP/IP,  IpSec, 
DNS,  Wireless-Lan.  Solve  net¬ 
work-related  problems.  Super¬ 
vise  technical  projects.  Min. 
Req.  BA  Engineering  +  6  yrs 
exp.(M-F  40hrs/wk)  Fax  resume 
to:  Artech  Information  Systems, 
60B  Columbia  Rd.,  Morristown, 
N  J  07960  Att:  P.  Maggon  (973) 
993-9366. 


Information Analyst II:
Develop,  implement  &  main¬ 
tain  web-based  Info  Center 
using  Oracle  technologies; 
maintain  Oracle  database; 
design  web  pages  &  develop 
methods  of  info  delivery  using 
SQL,  PL/SQL,  HTML,  Java¬ 
Script,  Oracle  9iAS;  migrate 
Cobol  programs  to  Oracle 
Portal.  Req  BS  in  CS  or  relat¬ 
ed  plus  1  yr  work  exp.  Send 
resume  to  ACS,  Kennesaw 
State  Univ.  1000  Chastain 
Rd.,  Kennesaw,  GA  30144. 
Ref  NT 


Corpus,  Inc.  has  multiple  openings 
for  IT  professionals  to  design  and 
develop  applications  using  Oracle, 
SAP,  SQL,  PL/SQL,  COBOL, 
C/C++,  VB,  Java,  XML,  ERP,  ASP, 
NT,  XSL.  Min  BS/MS  with  exp. 
Travel  maybe  required.  Please 
send  resumes  to 

resumes@corpuslnc.com.  EOE. 
No  calls. 

Meridian  Technologies  looks  for  IT 
professionals  for  various  positions 
in  the  area  of  Oracle,  SAP,  SQL, 
Java,  Web  applications,  Unix,  etc. 
Candidates  must  have  BS/MS  or 
equivalent  with  some  IT  experi¬ 
ence.  Travel  required  for  some 
positions.  Please  contact 
jobs@meridiantech.net.  EOE. 


Corp.  IT  Specialist  -  R  &  D  for 
restaurant  industry.  Analyze 
software  requirements  to  deter¬ 
mine  feasibility  of  design.  Dev.  & 
direct  software  system  testing, 
programming,  &  documentation. 
Purch.,  maintain  &  upgrade 
corp.  network  &  related  equip. 
Dev.  training  manuals  &  train 
emp.  on  the  use  of  the  systems. 
Knowledge  of  Positouch, 
Panasonic,  Maitre'D,  Parmicro, 
&  Novell  Networking,  (may  be 
gained  during  ed.  background  or 
through  work  exp).  Must  have 
MCS.  &  5  yrs.  work  exp.  in  job 
offered  or  5  yrs  of  exp.  as  an 
instructor  of  Comp.Sc.  Submit 
resume  to  LM  Restaurants,  Inc., 
2721  McNeil  St.,  Raleigh,  NC 
27608. 


Graphic  Designer:  Design  and 
code  interactive  multimedia  pro¬ 
grams  and  websites  for  trade 
shows,  educational  and  market¬ 
ing  programs.  Render  3D  models 
for  various  projects  using  com¬ 
puter  soft  wares  and  free  hand 
sketching.  Design  print  layouts 
and  packages.  Req.  Bachelor 
degree  or  Equivalent  in  Graphic 
Design  or  Architecture  with  nine 
months  experience  in  job  offer¬ 
ed.  Must  be  proficient  in  Adobe 
Illustrator,  Photoshop,  3D  MAX, 
JavaScript,  Director  and  Flash 
ActionScript.  40  hour/wk,  9-5. 
Send  resume  and  portfolio  sam¬ 
ple  (non-returnable)  to  Shaw  Sci¬ 
ence  Partners  at  4151  Ashford 
Dunwoody  Rd,  Suite  502,  Atlan¬ 
ta,  GA  30319. 


Systems  Admin  to  work  at 
various unspecified locations with the foll. skills &
technologies:  Sun  Solaris, 
Veritas  Cluster/Volume 
Manager,  Weblogic,  Fire¬ 
wall,  VPN  &  Clearcase. 
Bach  or  equiv  in  Comp  Sci 
&  2  years  exp.  Sandlenet, 
Inc.,  43288  Starr  Street,  #1, 
Fremont,  CA  94539,  fax: 
510-291-2221,  e-mail: 
jobs@sandlenet.com 


Technical  Architect/Sr.  Software 
Developer  wanted.  Must  have 
Bach.  deg.  in  Comp.  Sci.,  Math, 
Physics  or  related  field  &  3  yrs. 
middleware,  integration  &  web 
technology  exper.  includ.  exper. 
with  IBM  WebSphere  Application 
Server  &  IBM  WebSphere  MQ  & 
1  yr.  exper.  providing  tech,  sup¬ 
port  to  customers  in  the  energy 
&/or  utilities  industries.  (Exper. 
can  be  concurrent).  Send  cover 
letter  and  resume  to  Corporate 
Recruiting,  Code  EUAF, 
LogicaCMG,  32  Hartwell  Ave., 
Lexington, MA 02421. No third
parties  or  phone  calls  please. 
LogicaCMG  is  an  EEO,  M/F/V 
Employer. 


Fast  Enterprises,  LLC  is 
seeking  a  Senior  Systems 
Analyst  to  plan,  design  and 
direct  system  transition  to 
COTS  solution  for  revenue 
agencies  throughout  the 
U.S.  Interested,  degreed, 
experienced  professionals, 
please  respond  to: 

Senior  Systems  Analyst 
Recruiting 
L.  Forest 

800  Park  Boulevard 
Suite  720 
Boise,  ID  83712 


Programmer-Analyst:  Write  pro¬ 
gram  specifications,  using  JD 
Edwards  World,  JD  Edwards 
One-World,  JDE  OneWorld, 
CNC  Administration,  RPG/400, 
AS/400  Administration,  CLP, 
JDE  Case  tools  to  develop  elec¬ 
tronic  commerce  internet;  im¬ 
plement  Version  Control  Man¬ 
agement;  formulate  plan  outlin¬ 
ing  steps,  using  structured 
analysis  and  design.  Req  4  yrs 
of  work  exp  in  related  field. 
Send  resume  to  Moorecroft 
Systems,  Inc.  202  Abbey  Court, 
Alpharetta,  GA  30004.  Ref  KY 


Programmer  Analysts,  Database 
Administrators,  Engineering  Prog¬ 
rammers,  Software  Engineers 
needed-mult  openings  in  locations 
throughout  the  US  with  at  least  one 
year  exp  in  any  of  the  following: 

• C or C++, UNIX
• Perl, Oracle, UNIX
• QA Analyst
• Oracle Developer
• Java Developer
• Visual Basic, ASP, SQL Server
• SAP
• Oracle Financials
• PeopleSoft
• Unix or NT Administrator

Unified Business Technologies, Inc. ATTN: Human Resources, 41400 Dequindre Road, Suite 105, Sterling Heights, MI 48314. An Equal Opportunity Employer


Programmer  Analysts/Database 
Administrators  needed.  Seeking 
qual.  candidates  possessing  BS 
or  equiv.  and/or  rel.  work  exp. 
Duties  include:  develop  &  imple¬ 
ment  physical  database  design; 
create  database  objects,  busi¬ 
ness  rules  &  database  autho¬ 
rization.  Work  w  /  PL/SQL, 
Pro*C,  Oracle,  ETL,  ClearCase, 
COGNOS.  Fwd.  resume  &  ref. 
to  Software  Galaxy  Systems 
LLC, 4390 US Route 1N, Suite
210, Princeton, NJ 08540.


Computer  Programmer  Analysts 
(multiple  openings  at  various 
locations): Livonia, MI with foll.
skills:

•  Filenet  IDM  Desktop,  IDM 
Web,  Capture,  Visual  Workflo, 
IDMIS,  IDMDS,  ASP  Java 
Script,  MS  SQL,  &  Oracle  on 
Windows  &  Novel  Networks. 

• AllFusion Data Modeler, Rational Rose, Oracle, Ascential Datastage, Informatics, Business Objects, Crystal Reports, Sun Solaris, Unix, Windows NT, Oracle PL/SQL, Pro*C, & Designer 2000.

Req:  Bach  degree  in  Math/ 
Sci/Comp  Sci/Engg/Electronics/ 
MIS/Comm/Bus.  Mgt/  Admin  or 
foreign  equiv  &  2yrs  exp  in  tech¬ 
nologies  &  job  duties.  Will  also 
accept  2  yrs  college  education  & 
3  yrs  exp  or  any  suitable  combi¬ 
nation  of  education,  experience 
and/or  training  that  meets  mini¬ 
mum  requirements.  Travel 
and/or  relocation  possible. 

Respond  by  resume  to:  HR, 
Datamatics  Technologies  Inc., 
31557  Schoolcraft  Road  #  100, 
Livonia, MI 48150-1822, OR by
Fax  #:  734-525-3734. 


Computer 
Systems  Analyst 
L'Oreal  USA  is  seeking  a 
Systems  Analyst  for  New  York 
City  location  to  design,  develop, 
test,  implement  and  maintain 
web-enable  business  applica¬ 
tions  supporting  retail  product 
placement  management  soft¬ 
ware  platforms  (Intactix  Space 
Planning  Plus  and  Intactix 
Knowledge  Base);  using  C#, 
Java  and  Microsoft  ASP.NET 
programming  as  well  as  MS 
SQL  and  Oracle  relational  data¬ 
base  design  and  development 
skills;  and  use  knowledge  and 
understanding  of  relational  man¬ 
aged  reporting,  multi-dimension¬ 
al  database  modeling,  user 
interface  and  reporting  principle 
within-  Cognos  Business 
Intelligence  tool  suite  to  design 
report  formats  and  generate 
analysis  cubes.  Position 
requires  a  BS  in  Computer 
Engineering,  (including  Cognos 
Business  Intelligence  tools,  C#, 
Java  and  ASP.NET).  Please  fax 
resume  and  cover  letter  with 
salary  history/requirements  to: 
Human  Resources  (212)  984- 
5038.  EOE. 


Prog/Analysts  to  analyze,  des¬ 
ign  software  appls  using  Java, 
JSP,  Servlets,  XML,  ASP,  Visual 
Basic,  EJB,  JavaScript,  HTML, 
DHTML  under  Windows,  UNIX 
OSs;  design  APIs  for  backup/ 
recovery  framework;  provide 
on  site  maintenance  support 
such  as  debugging,  modifica¬ 
tions,  fine  tuning  &  code  opti¬ 
mization.  Require:  BS  or  foreign 
equiv.  in  CS/Engg.(any  branch) 
&  2  yrs  of  exp.  in  IT.  F/T.  com¬ 
petitive  salary.  Travel  involved. 
Resumes  to:  HR.  Semafor  Tech¬ 
nologies,  Inc.,  3300,  Holcomb 
Bridge  Road,  Ste212,  Norcross, 
GA  30092. 


Technical  Lead: 

(with  Bachelors  degree  and 
3  years  experience),  West 
Chester  OH.  Job  entails 
and  requires  experience  in 
design  and  development  of 
applications  using  IIS 
Apache,  Weblogic,  SunOne 
Directory  Server,  Site- 
Minder  Policy,  SiteMinder 
Web  Agent,  Windows  2003, 
and  Solaris.  Attractive 
Compensation  package, 
Send  Resume  to  Madeline 
Rossero,  65  Water  Street, 
Norwalk,  CT  06854 


Educational  Software  Developer 

Description:  Develop  and  main¬ 
tain  web  based  software  config¬ 
uration  survey  application  for 
Workforce  Timekeeper  and 
HRMS  Products.  Develop  new 
releases  and  maintain  existing 
release  of  application  for  creat¬ 
ing  simulations  and  tutorials  of 
Company  software  applications. 
Develop  installation  scripts  to 
install  on  Windows  clients.  Main¬ 
tain  registration  application  for 
Educational  Services  web  based 
student  registration  system. 
Support  system  on  internal  and 
external  web  sites.  Maintain 
Company  Educational  Services 
learning  paths  applications.  Pro¬ 
vide  reporting  for  application  as 
needed. 

Requirements:  Requires  a 

Bachelor's  degree  in  Computer 
Science  or  a  related  field  or  the 
equivalent.  Requires  5  years  of 
experience  developing  web  and 
client  server  based  applications. 
Requires  Microsoft  Applications 
or  Solutions  Development  Certif¬ 
ication.  Requires  solid  under¬ 
standing  and  ability  to  work  with 
the  following  technologies:  Mic¬ 
rosoft  Visual  Basic  6;  Active  Ser¬ 
ver  Pages;  VBScript;  JavaScript; 
Flash  MX  &  Actionscript;  XML  & 
XSLT;  Microsoft  SQL.  Server  ( 
SQL,  Constraints,  Stored  Proce¬ 
dures);  Microsoft  Access;  ADO; 
IIS;  COM,  COM+,  Active  X  tech¬ 
nologies;  Visual  Source  Safe; 
Crystal  Reports  7.0  or  8.0; 
Windows  2000,  and  Windows 
NT.  Must  have  ability  to  ap¬ 
proach  situations  with  energy 
and  enthusiasm;  good  analytical 
skills;  communicate  effectively, 
gain  credibility,  and  develop  pro¬ 
ductive  working  relationships 
with  others;  function  in  a  fast- 
paced  environment  under  time 
pressure;  and  be  a  flexible 
team-oriented  individual  who 
shows  initiative  and  demon¬ 
strates  flexibility  and  can  deliver 
in  a  team  environment. 

Please  submit  your  resume  and 
salary  requirements  to:  Thomas 
Bartiromo,  Director,  Corporate 
Staffing at corporateempt@kronos.com or Kronos, Inc., 297
Billerica  Road,  Chelmsford,  MA 
01824.  Applicants  must  have 
proof  of  legal  authority  to  work  in 
US. 


BCC  USA  Inc  -  South  Portland, 
ME  needs  experienced  Pro¬ 
grammer  Analysts  having  a 
Bachelors  Degree  with  minimum 
two  years  of  progressive  experi¬ 
ence  in  Design,  Development 
and  Deploying  multi-tiered  web 
based  applications  in  a  distrib¬ 
uted  environment  using  JAVA / 
J2EE, Servlets, JSP, STRUTS,
EJB,  WebLogic,  Sybase  and 
IBM  DB2.  Must  have  experience 
in  using  UML  modeling  tools 
with  Rational  Rose  /  Together- 
Soft  and  IDE  Eclipse.  Must  have 
experience  in  Apache  ANT  for 
build  /  deploy  J2EE  applications. 
Competitive  salary  and  benefits. 
M-F,  40  hours/week.  Please  mail 
your  resume  to  BCC  USA  Inc., 
HR  Department,  650  Main  Street 
Suite  201,  South  Portland,  ME  - 
04106. 


BCC  USA  Inc  -  South  Portland, 
ME  needs  experienced  Pro¬ 
grammer  Analysts  having  a 
Bachelors  Degree  with  mini¬ 
mum  two  years  of  progressive 
experience  in  Analysis,  Design, 
Development  and  Implementa¬ 
tion  of  Java  /  J2EE  based  appli¬ 
cations  using  JSP,  Servlets 
EJB,  JDBC,  JNDI,  Java  Beans, 
WSAD,  Web  Logic,  Struts 
(MVC)  Framework,  Vignette 
Content  Management  Suite, 
XML,  XML  Spy,  XSL,  Oracle, 
IBM  DB2  and  IBM  MQ  Series. 
Must  have  experience  in  imple¬ 
menting  RUP  methodology. 
Competitive  salary  and  benefits. 
M-F,  40  hours/week.  Please 
mail  your  resume  to  BCC  USA 
Inc.,  HR  Department,  650  Main 
Street  Suite  201,  South 
Portland,  ME  -  04106. 


IT  PROFESSIONALS 
Consultant 

(Glen Mills, Pennsylvania and other locations through the U.S.) Design, test, develop and implement custom web applications (Ecommerce web technologies) for automated government labor exchange systems utilizing labor exchange models used in states' public systems and private sector entities. Implement a custom developed n-tier labor exchange system using Ecommerce technologies, legacy mainframe architecture, Object-Oriented Analysis and Design, relational database design and theory, Unified Modeling Language (UML) and Object relational mapping. Conduct Joint Requirements Planning (JRP) sessions and Joint Application Design (JAD) sessions to gather system functional requirements
and  to  present  proposed  designs  and  solicit  user  acceptance.  Conduct 
unit,  functional,  regression  and  system  testing  to  ensure  system  quality. 
Apply  current  Department  of  Labor  (DOL)  regulations  to  real  systems 
design  decisions  involving  knowledge  of  Workforce  Investment  Act  and 
Wagner-Peyser  Act,  federal  and  state  workforce  registration  guidelines 
and  unemployment  insurance  profiling  and  sanctioning  rules.  Formulate 
job  matching  models  adhering  to  federal  and  state  regulations  to  meet 
labor  market  entity  needs.  Map  DOL  legacy  classification  systems  to  new 
specifications  including  Dictionary  of  Occupational  Titles  (DOT)  codes  to 
Occupational  Information  Network  (ONET)  codes  and  Standard  Industrial 
Classification  (SIC)  codes  to  North  American  Industrial  Classification 
System  (NAICS).  Utilize  Section  508  Accessibility  Guidelines  in  applying 
Ecommerce  systems.  Evaluate  competing  labor  exchange  IT  design  and 
development  methodologies  and  use  selected  methodology  to  develop 
prototypes  and  finish  labor  exchange  systems  that  meet  state  and  feder¬ 
al  requirements. 

WAGE: $75,779.60/year

Hours:  Monday-Friday  9:00am-5:00pm 

MINIMUM  REQUIREMENTS: 

Bachelor's  degree  in  Computer  Science,  Math,  Engineering  (any  type), 
Information  Systems  or  Business  Administration  +  2  years  exp.  in  the  job 
offered  or  2  years  exp.  as  a  Consultant,  Systems  Analyst  or  Developer. 
Related  experience  must  include  design,  testing,  development  and  imple¬ 
mentation  of  custom  web  applications  (Ecommerce  web  technologies)  for 
automated  government  labor  exchange  systems.  Related  experience 
must  include  Object  Oriented  Analysis  and  Design,  relational  database 
design,  and  mainframe  experience  as  well  applying  current  Department  of 
Labor  regulations  to  real  system  design  decisions  involving  the  Workforce 
Investment  Act. 

Please send your resume, referencing Job Order Number WEB458815 to
the:  PA  Careerlink,  701  Crosby  Street,  Suite  B,  Chester,  PA  19013-6096. 
EOE. 


Lead  Network  Architect  Cons¬ 
ultant  wanted  by  a  Tele¬ 
communications  Network  Ser¬ 
vice  co.  in  Garden  City,  NY  & 
Huntington,  NY.  Providing 
design,  engineering,  planning 
and  integrating  cost  effective  IP 
network  solutions  in  support  of 
Network  requirements  for  the 
company  and  26  of  its  business 
units;  researching  and  applying 
new  technologies  to  reduce  cor¬ 
porate  costs  and  improve  pro¬ 
ductivity  and  network  reliability. 
Must  have  a  Bachelor's  degree 
in  Comp.  Sci.  or  related  field  &  5 
yrs.  exp.  as  a  Network 
Specialist/Analyst/Commun¬ 
ication  Specialist  with  2  yrs.  exp. 
leading  personnel  or  providing 
training  classes;  knowledge  of 
networking  including  router  or 
concentrator  configuration  pro¬ 
tocol  fundamentals;  specialized 
knowledge  of  computer  commu¬ 
nications  systems  and  advanced 
Cisco  Router  and  routing  proto¬ 
cols;  must  also  have  knowledge 
of  the  following:  TCP/IP  and  pro¬ 
tocol  analyzers;  Cisco  Switches 
and/or  WAN  Technologies; 
approaches  and  logic  for  des¬ 
igning  TCP/IP  WAN  Networks 
(equipment  selection,  configura¬ 
tion,  software,  routing  etc.);  and 
understanding  of  Mainframe 
communication  with  a  systems 
programming  background. 
Other  Special  Requirements: 
CISCO  CERTIFICATION  or 
equivalent  expertise,  in  lieu  of  a 
Bachelor's  degree,  we  will 
accept  an  additional  two  (2) 
years  of  progressive  experience 
in  the  job  offered  or  related 
occupation.  Please  respond  to 
CD  Telecom  (Quantitude)  Attn. 
Bill  Ramsey,  Ref#1818,  6901  S. 
Havana  Street,  Centennial,  CO 
80112. 


Statistical  Programmer; 
Cary,  NC.  Design  SAS 
programs  to  manage  data 
from  clinical  drug  trials. 
Develop  programs  for 
test  validation  according 
to  FDA  regs.  Req.  degree 
and  exp.  with  mgmt.  of 
clinical  trial  data  using 
SAS  programs.  Send 
resumes  to:  George  S. 
Besse,  ASG,  Inc.,  2000 
Regency  Parkway,  Suite 
355,  Cary,  NC  27511. 


Teksoft  Inc  is  a  growing  soft¬ 
ware  development  and  consult¬ 
ing  firm  in  Houston.  We  are  look¬ 
ing  for  Computer  Professionals 
for  the  following  positions. 

Software  Engineer:  Research, 
analyze,  design  and  develop  in¬ 
ternet  programs  for  WEB  based 
knowledge  management,  cus¬ 
tomer  relationship  management, 
sales  force  automation  and  e- 
commerce  for  development  of 
SAP  packages.  Must  have 
knowledge  of  any  SAP  (  I.S  )  In¬ 
dustry  Solutions  modules.  Re¬ 
quires  Masters  degree  in  Comp¬ 
uter  Science  or  in  a  related  field 
and  1  one  year  of  experience  in 
the  advertised  position  or  in  a 
similar  position  and  ability  to  use 
SAP  Industry  Solutions  mod¬ 
ules.  Must  be  willing  to  travel. 

Programmer  Analyst:  Plan, 
test  and  develop  internet  based 
programs  for  ERP  packages, 
CRM,  Sales  force  automation 
and  E-Commerce.  Requires  a 
Bachelors  degree  in  Computer 
Science  or  in  a  related  field  and 
one  year  of  experience  in  the 
advertised  position  or  in  a  simi¬ 
lar  position  and  ability  to  use 
ERP  and  CRM.  Must  be  willing 
to  travel. 

Accounts  Analyst:  Manage 
multiple  accounts  and  develop 
SAP  Finance  Modules  to  track 
revenues  and  expenditures. 
Present  quarterly  reports  and 
annual  projections  based  on 
revenue  received  and  expendi¬ 
tures.  Requires  a  Bachelors  de¬ 
gree  or  equivalent  and  one  year 
of  experience  in  the  advertised 
position  or  in  a  related  position 
with  the  ability  to  use  SAP 
Finance  modules  and  Quick 
Books.  Must  be  willing  to  travel. 

Send  Resume  and  Cover  letter 
to:  Teksoft,  Inc.  6201  Bonhom- 
me,  Ste.  470-S,  Houston,  TX 
77036. 


Systems  Administrator 
sought  by  medical  diag¬ 
nostics  co.  Req  Bach  or 
its  foreign  equiv  in 
Electronics/Comp. 
Engg.  Resume  to  HR 
Dept.,  Northland  Radio¬ 
logy,  Inc.,  26222 
Telegraph  Rd,  #100, 
Southfield, MI 48034.
Sales Offices

Carol Lasker, Associate Publisher/Vice President
Jane Weissman, Sales Operations Coordinator
Internet: clasker, jweissman@nww.com
(508) 460-3333/FAX: (508) 460-1237

New York/New Jersey

Tom Davis, Associate Publisher, Eastern Region
Elisa Della Rocco, Regional Sales Manager
Agata Joseph, Sales Associate
Internet: tdavis, elisas, ajoseph@nww.com
(201) 634-2300/FAX: (201) 634-9286

Northeast 

Elisa  Della  Rocco,  Regional  Sales  Manager 
Internet:  elisas@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic

Jacqui  DiBianca,  Regional  Sales  Manager 
Lee  Foster,  Sales  Assistant 
Internet:  jdibian,  lfoster@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Central 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786  

Southeast 

Don  Seay,  Regional  Sales  Manager 
Lee  Foster,  Sales  Assistant 
Internet:  dseay,  lfoster@nww.com 
(404)  845-2886/FAX:  (404)  250-1646 


Northern  California/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Sales  Manager 
Courtney  Cochrane,  Regional  Sales  Manager 
Vanessa Tormey,  Regional  Sales  Manager 
Teri  Marsh  Sales  Assistant 

Internet:  skupiec,  kwilde,  ccochrane,  tmarsh@nww.com 
(510)  768-2800/FAX:  (510)  768-2801  

Southwest/Rockies 

Becky  Bogart  Randell,  Regional  Sales  Manager 
Victoria  Gonzalez,  Sales  Assistant 
Internet:  brandell,  vgonzalez@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Customer  Access  Group 

Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 
Manager,  Customer  Access  Group 
Michael  Hiatt,  Director  of  Custom  Programs 
Kate  Zinn,  Sales  Manager,  Eastern  Region 
Internet:  tdavis,  mhiatt,  kzinn@nww.com 
(508) 460-3333/FAX: (508) 460-1237

Fusion 

Kevin  Normandeau,  Vice  President,  Online 
James  Kalbach,  Director,  Online  Services 
Scott  Buckler,  West  Coast  Regional  Sales  Manager 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  District  Sales  Manager 
Denise  Landry,  Sales  Coordinator 
Internet:  knormandeau,  jkalbach,  sbuckler,  sgutierrez, 
dlovell,  dlandry@nww.com 


MARKETPLACE 

Donna Pomponi, Director of Emerging Markets
Enku  Gubaie,  Senior  Account  Manager 
Caitlin  Horgan,  Account  Manager 
Jennifer  Moberg,  Account  Manager 
Chris  Gibney,  Sales  Operations  Coordinator 
These days, no network is free of threats. That’s why you have to assign network security privileges to everyone. Employees, customers, and partners. You need to set an acceptable use policy that dictates what each of them can and can't access. Until now, you had to do this manually.

Not anymore. Now you can do what Baylor University did. Implement an Enterasys Secure Networks™ solution with a unique, policy-based system that empowers the network to allocate resources based on specific users and their roles. The network “sees” who the user is and assigns privileges accordingly. This improved control also gives you more security.

It’s all about giving you a smarter way to network with central, intuitive management. Find out more at networksthatknow.com/Baylor. Or ask any one of the many enterprise customers we’ve worked with for years.
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BM  Tivoli  digs  deeper  into  app  transactions 


@  BY  DENISE  DUBIE 

IBM  Tivoli  last  week  announced  it  has 
upgraded  its  application  performance 
management  software  to  more  accurately 
identify  network  troubles  and  speed  prob¬ 
lem  resolution. 

IBM  Tivoli  Monitoring  for  Transaction  Per¬ 
formance  (TMTP)  5.3  monitors  application 
traffic  as  it  flows  through  a  network  to  pro¬ 
vide  detailed  response  time  information 
on  application  transactions.  The  product 
uses  server  and  agent  software  installed 
across  an  infrastructure  on  Web,  applica¬ 
tion  and  database  servers,  as  well  as  on 
end-user  clients,  to  determine  application 
response  times.  The  software  collects  the 
data,  correlates  it,  compares  it  against  pre¬ 
set  desired  response  times,  and  alerts  staff 
when  transaction  thresholds  are  missed. 

The  new  version  includes  more  applica¬ 
tion,  server  and  standards  support  that  let 
the  software  provide  specific  information 
to  help  customers  optimize  application 
performance,  the  company  says.  For 
example,  with  this  release,  IBM  Tivoli 
announced  integration  with  Siebel  Server 
7.7,  which  provides  TMTP  software  with 
Siebel  instrumentation  specifics,  such  as 
how  the  Siebel  server  should  be  config¬ 
ured  or  how  it  should  communicate  with 
applications.  That  information  could  be 


SSL 

continued  from  page  12 

an  API  to  which  vendors  specializing  in 
securing  remote-access  endpoints  can 
write  their  software,  says  Robert  Whiteley 
an  analyst  at  Forrester  Research.  Aventail 
already  offers  endpoint  security  via  part¬ 
ners.  “Integrating  their  own  endpoint 
security  software  gives  Aventail  a  leg  up,” 
he  says. 

Aventail  is  further  simplifying  this  autho¬ 
rization  process  with  new  graphical 
administrative  tools  that  create  groups  of 
users  and  sets  of  resources  that  can  be 


associated  with  each  other  so  a  given 
group  can  be  granted  access  to  one  or 
many  sets  of  resources. 

Before,  these  groups  had  to  be  set  man¬ 
ually,  increasing  the  likelihood  of  error.“It 
was  basically  a  giant  access  control  list 
nightmare,”  Whiteley  says.  “You  had  a  lot 
of  options  of  what  you  were  going  to  do 
with  every  user.” 

ASAP  8.0  software  comes  standard  with 
Aventail  EX  750  and  EX  1500  appliances. 

Meanwhile,  SSL  vendor  Array  Networks 
next  week  is  expected  to  announce  two 
remote-access  appliances  for  enterprise 


used  by  TMTP  to  pinpoint  an  errors 
cause.  Rather  than  IT  managers  looking 
through  logs  from  multiple  systems  to 
find  the  cause  of  poor  response  time,  the 
software  would  point  out  that  the  prob¬ 
lem  was  caused  by  a  configuration  error 
on  the  Siebel  server. 

“The  more  information  software  can  col¬ 
lect  across  the  infrastructure  and  from  spe¬ 
cific  applications,  the  more  likely  it  can 
automate  problem  detection  and  in  some 
cases,  resolution,” says  Audrey  Rasmussen,  a 
vice  president  at  Enterprise  Management 
Associates. 

In  addition  to  Siebel  integration,  the 
company  added  support  for  more  infra¬ 
structure  components,  such  as  Web  ser¬ 
vices,  Web  servers,  IBM  Customer 
Information  Control  System  (CICS),  IBM 
IMS  (a  database  and  transaction  manage¬ 
ment  system),  IBM  DB2  and  SAP  back¬ 
end  services.  TMTP  also  uses  the  The 
Open  Group’s  standard,  which  lets  the 
software  collect  transaction  response 
time  data  directly  from  applications, 
servers  and  network  devices.  The  more 
data  the  software  can  collect,  the  better, 
industry  experts  say 

“IBM  realizes  customers  need  to  be  able 
to  measure  how  systems  use  applications 
and  how  well  transactions  perform  across 
the  infrastructure  to  enable  autonomic  and 


customers  called  SPX  2000  and  SPX  3000, 
which  are  smaller  versions  of  the  compa¬ 
ny’s  SP  service  provider  gear.  The  appli¬ 
ances  support  up  to  800  and  2,200  simul¬ 
taneous  users,  respectively.  The  SP  sup¬ 
ports  up  to  64,000.  Multiple  SPXs  can  be 
connected  to  boost  the  number  of 
remote  users  they  support,  the  company 
says. 

First  Data,  a  credit  and  ATM  card  verifica¬ 
tion  company  in  Denver,  is  considering  the 
gear. The  company  uses  Array  products  for 
its  customers  accessing  First  Data  Web 
servers,  but  plans  to  give  its  employees  SSL 
access  to  corporate  data,  says  Stuart  Spin¬ 
ner,  the  company’s  director  of 
information  security 
SPX  2000  costs  $10,000  with 
one  user  license.  SPX  3000 
costs  $20,000  with  one 
license.  Extra  licenses  cost 
more.  A  500-user  license  costs 
$15,000  extra. 

ServGate  also  is  introducing  EdgeForce 
M30,  a  multifunction  security  device 
based  on  ServGate  software  and  Dell 
hardware. 

Designed for small businesses, the
device comes with a firewall, VPN support
and one of three other applications:
anti-virus, anti-spam or Web filtering. The
M30 supports up to 35 simultaneous
users and is similar to ServGate’s
EdgeForce appliance that is built on
hardware by ServGate.

The ServGate M30 costs $1,000 for a unit
with a license for 10 simultaneous users.


utility computing,” says Corey Ferengul, a
vice president at Meta Group. This release
of TMTP is a step in that direction, he says,
because in order to automate fixes along
the lines of IBM’s plans to develop self-healing
systems, the software first must understand
how applications communicate with
infrastructure components on a transaction
level.

Yet IBM Tivoli will have to continue to add
application-specific support, as well as
more platform support to win customers’
dollars from competing vendors such as
BMC, Mercury Interactive and Wily
Technology.

“Products that measure application performance
need to do more than collect
data from the infrastructure: They need to
show where performance falls down,”
Rasmussen says.

TMTP 5.3 starts at $6,200 and is based
on the number of systems monitored.
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178700 

J. Percent paid and/or Requested Circulation (15c divided by 15g Times 100): 99%; 98.3%

I  certify  that  the  statements  made  by  me  above  are  correct  and  complete. 

Robert  Wescott 
Distribution  Manager 
508-628-4759 


ServGate's EdgeForce M30 security device uses Dell
hardware.


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k  letter  to  Messrs.  Gates  and  Ballmer 


Dear  Bill  and  Steve, 

Considering that we’ve never met,
please forgive the rather familiar
greeting. I suspect the chances of
actually getting a reply from either
of you are pretty low, as you are very
busy people and the thoughts of
one columnist are hardly likely to
rock your world.

All the same, I figure that it is worth trying because
even if you don’t read this, some of your employees
and shareholders might, and the message might filter
back.

So let me start by saying that despite my many criticisms
of Microsoft products and corporate behavior
over the years, I have at the same time admired what
the company has achieved and have said so in this
column.

What prompted me to write was the news that, following
the European Commission’s ruling against
Microsoft in March, I understand the company has
created a version of Windows that doesn’t bundle
Windows Media Player. Apparently you chose to do
that as a back-up plan should the hearings over
Microsoft’s request for suspension of the European
Commission court’s demands not go in Microsoft’s
favor — this way the company would be ready to
roll with a product that complied with the ruling.

So after all the assertions that Windows would be
crippled by the lack of a built-in media player, it
turns out you can create a product that works perfectly
well with the Windows Media Player as an
add-on. Gentlemen, this comes as no surprise to any
of us with basic knowledge of operating systems.

What  concerns  me  is  that  Microsoft  has  yet  again 
indulged  in  misrepresentation. 

You  have,  not  for  the  first  time,  let  yourselves 
behave  as  if  the  end  justified  the  means.  For 
Microsoft  the  end  has  been  simply  making  money 
and  achieving  market  dominance,  the  means  being 
untruthfulness. 

Don’t you occasionally feel nagging doubts over
the fact that your company distorts the truth? I know
that struggling for position and advantage are essential
for a growing company but you are in a different
league from most.

You are in a unique position in cultural and business
history. You hold the reins of one of the most
powerful forces in the evolution of human communications,
as well as one of the most widely used sets
of thinking tools.

You are not just rich, you are wealthy. Your company
has created staggering wealth and power.
Despite that — or maybe because of that — your
perceived corporate ethical capital is at an all-time
low. You seem to be unable to say “Enough!”

You are at the point where your company, without
compromising its market hegemony, could become
— and I know this sounds corny but stick with me
on this — a moral and ethical force that has as its
foundation a belief in the historical and cultural
importance of Microsoft rather than in the immediate
business value it currently represents.

As cliched as that might sound, the idea of being
more than just another rapacious business behemoth
really matters given your place in the world.
When you are untruthful about something like the
Windows Media Player integration with Windows
you are compromising and devaluing your genius.

I’m  not  suggesting  anything  ridiculous  such  as  that 
you  should  stop  being  competitive  or  give  up  on 
profits. What  I  am  suggesting  is  that  it  is  time  for 
Microsoft  to  mature,  to  embrace  the  opportunity  of 
being  more  than  an  800-pound  very  rich  gorilla. 

I  would  go  so  far  as  to  suggest  that, should  you 
even  begin  such  a  transformation  —  something  that 
would  take  several  years  to  realize  —  you  will  see 
greater  profits  and  less  resistance  to  your  ideas. 

Should you carry on as you are, you will have
missed one of the greatest opportunities in history to
make a difference to our culture.

Yours  sincerely 

Mark  Gibbs  ( backspin@gibbs.com ). 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Spammers  are  rats?  Are  you  one,  too? 

A  family  member?  . . .  No,  I  would  not 
drop  a  dime  on  a  relative. 

Close  friends  are  safe,  too,  but  let's  emphasize  “close.”  Casual  friends  and 
acquaintances  had  better  not  bank  on  my  silence  —  not  when  singing  to  the  feds 
might  net  my  bank  account  a  cool  $250,000. 

Of  course,  I  don’t  know  any  spammers,  at  least  not  any  who  are  out  of  the 
closet,  so  the  exercise  of  ascertaining  my  threshold  for  remaining  silent  is 
purely  academic.  It's  those  of  you  who  do  know  spammers  —  and  those  of  you 
who  are  spammers  —  who  need  to  be  thinking  about  this  question  on  more 
than  a  theoretical  level. 

Does  anyone  doubt  this  publication  has  a  reader  or  two  fitting  the  profile?  I 
don't. 

These spammers and those who know them probably sat up and took notice
recently when the Federal Trade Commission (FTC) issued a report to Congress
on the feasibility of instituting a bounty program to entice informants into snitching
on major junk e-mailers. Consideration of such a program was part of the
CAN-SPAM legislation that kicked into gear Jan. 1.

Should one be adopted, a bounty program isn't likely to save CAN-SPAM from
ignominious failure. But that doesn't mean it can't be fun for all who find junk
e-mail loathsome, and profitable for those few who do have the goods on a spammer.
You can read the FTC report on the would-be CAN-SPAM Informant
Reward System at www.nwfusion.com, DocFinder: 4041. The more interesting
assessment of such programs is an accompanying paper by Marsha Ferziger
Nagorsky of the University of Chicago Law School, which can be found at
DocFinder: 4042.

Ferziger Nagorsky says there are three types of potential informants at the disposal
of law enforcement:

The first are spam recipients; in other words, anyone with an e-mail account.
Even though this group dutifully forwards 300,000 spams daily to the government's
collection trough — spam@uce.gov — the diligence is useless to prosecutors.

The second group is made up of amateur cybersleuths; in other words, those
with oodles of technical know-how, righteous determination and, in many cases, a
need for cash born of being between jobs. (OK, that last part is my own snarky
comment.) These people, too, are largely useless to prosecutors because of their
limited ability to procure the quality evidence that will lead to a conviction.

The last group is insiders — accomplices, cohorts, hangers-on and busybodies
— those who run in spammer circles. These people possess the “high value” info
that prosecutors need and that might be worth anywhere from $100,000 to
$250,000 of your tax dollars.

The FTC wouldn't be reinventing the wheel here. This bounty stuff is old
hat to the Internal Revenue Service, which can offer up to $2 million for dirt
about tax cheats. Over the past 30 years, more than 17,000 individuals have
collected $35 million in IRS reward money, which has recouped $2.1 billion in
unpaid taxes.

So what's not to like? Well, not all such schemes are created equal. The
Securities and Exchange Commission has had one on the books since 1988 but
has awarded money to only three snitches. The U.S. Customs Service has one,
too, but it has trouble offering big rewards for the simple reason that the agency
can’t legally sell much of what it confiscates.

The bottom line is Ferziger Nagorsky believes a modest, well-conceived, well-funded
snitch program could land a handful of spam kingpins annually — no more.

But  there  also  might  be  a  side  benefit. 

“I  believe  that  the  very  existence  of  this  bounty  program  . . .  could  provide  a  very 
real  benefit:  deterrence,”  she  says. 

Tips  are  always  welcome  here,  although  gratitude  will  be  your  only  reward.  The 
address  is  buzz@nww.com. 